PulpMiner Web Scraper - Convert Any Webpage to Realtime JSON API
PassAudited by ClawScan on May 1, 2026.
Overview
The skill is a coherent PulpMiner API guide, but it uses an API key and sends scraped webpage data to PulpMiner, and optionally Zapier, where responses may be cached.
This skill appears safe to install as an instruction-only PulpMiner integration. Before using it, protect your PulpMiner API key, verify API IDs and target URLs, avoid scraping confidential or unauthorized content, and be careful with Zapier or n8n callback URLs because scraped results may be sent there.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked with the wrong saved API or variables, the agent could trigger scraping of unintended pages and consume credits.
The skill exposes a broad web-scraping API capability. This is the stated purpose, but users should still ensure the agent only scrapes intended and permitted URLs.
Convert any webpage into structured JSON data using AI. Scrape websites, extract data into custom JSON schemas
Review the saved API ID, target URL, and dynamic variables before use, and only scrape sites and data you are authorized to process.
Anyone or any agent with the key could call PulpMiner endpoints for that account and spend available credits.
The skill requires a PulpMiner API key for all API calls, which is expected for the service but represents account-level authority and possible credit usage.
All API calls require the `apikey` header: apikey: <PULPMINER_API_KEY>
Store the API key as a secret, avoid pasting it into shared chats or logs, monitor credit usage, and regenerate the key if it may have been exposed.
Sensitive webpage content could be sent to and cached by the provider, and extracted JSON should be treated as generated data that may be inaccurate or influenced by webpage content.
Scraped page content is processed by an external LLM workflow and cached provider-side. This is purpose-aligned, but it affects privacy and output trust.
PulpMiner scrapes the page, runs it through an LLM, and returns clean structured data. ... API responses are cached for 24 hours by default
Avoid scraping confidential pages unless that is acceptable under your data policy, disable caching when needed, and verify important extracted results before relying on them.
If a callback URL is wrong or untrusted, scraped data could be delivered to an unintended third party.
The Zapier integration can forward scraped results to a webhook callback URL. This is disclosed and expected, but webhook destinations must be trusted.
Sends scraped data to the callback URL when complete.
Use only trusted HTTPS webhook URLs, verify Zapier/n8n workflow ownership, and avoid sending sensitive scraped content to callbacks unless necessary.