adaptive-web-analyzer
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: adaptive-web-analyzer Version: 1.0.0 The skill requests high-risk permissions including 'system.exec' and 'file.write' in SKILL.md, which are not explicitly utilized in the provided agent.py logic. Furthermore, the analyze_with_llm function in agent.py constructs prompts using unsanitized scraped web content (title, metadata, and body), which presents a vulnerability to indirect prompt injection attacks if a target website contains malicious instructions designed to hijack the agent's LLM. While the code appears to be a legitimate web scraping utility, these broad permissions and lack of input sanitization for the LLM context are significant security risks.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If honored by the agent runtime, this could allow the skill to run local commands beyond what is needed for web summarization.
The skill declares broad local command-execution authority even though the documented workflow is to fetch web content, parse it, send it to an LLM, and return a report.
permissions: ["web.fetch", "web.scrape", "llm.chat", "file.write", "system.exec"]
Remove system.exec unless there is a specific reviewed command path; require explicit user approval for any local execution and keep file writes scoped to user-selected report output paths.
The agent may attempt stealthy scraping against sites that do not permit automated access, which can violate site terms or trigger account/IP blocking.
The skill explicitly advertises automatic bypass of anti-bot protections such as Cloudflare. Even for a scraping skill, this is higher-risk behavior and lacks clear approval, target ownership, or policy guardrails.
反反爬处理:自动绕过Cloudflare等基础防护(遵守robots.txt)
Limit use to sites the user owns or is authorized to scrape, make stealth/bypass modes opt-in, and document clear compliance checks such as robots.txt and rate limits.
Stealth fetching can make automated access harder for websites to detect and may be inappropriate for some targets.
The implementation includes an optional stealth fetching path. This matches the scraping purpose, but users should understand that it changes how the agent interacts with target websites.
if stealth:
fetcher = StealthyFetcher()
else:
fetcher = Fetcher()
response = fetcher.get(url)Use normal fetching by default and reserve stealth mode for authorized testing or owned properties.
Supplying tokens or auth headers to the wrong URL could disclose account credentials to that site.
The skill can use user-supplied authentication headers. This is expected for API access, but it means credentials could be sent to the chosen endpoint.
使用HTTP客户端发送请求(支持自定义Headers、Auth)
Only provide scoped, temporary credentials for trusted endpoints, and verify the destination URL before use.
If the fetched content is confidential, it may be exposed to the model processing path.
The skill discloses that extracted content is sent to an LLM for analysis. This is central to the purpose, but private pages or API responses may contain sensitive information.
将结构化文本发送给LLM,执行以下分析
Avoid using the skill on private, regulated, or credential-protected content unless the model/data-handling policy is acceptable.
If a user tries to run the included code, they may need to install packages from external sources that are not pinned or reviewed here.
The configuration references runtime dependencies, including optional scraping/browser automation packages, while the registry shows no install spec. This is an incomplete setup/provenance signal rather than evidence of malicious behavior.
"dependencies": { "required": ["requests", "beautifulsoup4", "html2text"], "optional": { "scrapling": "用于高级反爬和自适应解析", "playwright": "用于JavaScript动态渲染" } }Provide a clear install spec or lockfile with pinned dependency versions and review optional browser/stealth packages before enabling them.