Swipenode

This skill could be what it claims (fast scraping of framework-embedded JSON), but several things don't add up and raise real risk: - Inconsistent sources: SKILL.md points to https://github.com/sirToby99/swipenode while README uses https://github.com/Nefas11/swipenode — confirm the official source and verify repository history before cloning or building. - No formal install spec: the registry lists no installer, yet instructions ask you to git clone and go build a binary from an external repo. Treat that binary as untrusted until reviewed. - WAF/TLS spoofing: the tool advertises TLS-fingerprint spoofing to bypass Cloudflare/WAFs. That is dual‑use (can be used for evading protections) and may violate target sites' terms or laws. Only use where you have permission and legal authority. - 'install-mcp' / auto-registration: this could modify your Claude Desktop or agent config. Don’t run install-mcp or any integration command until you inspect the code that performs the registration and confirm what files it changes. - Practical steps before using: (1) verify and prefer an official signed release or a single authoritative repo; (2) review source code (especially network/TLS code and any config-modification routines) or have a trusted person do so; (3) build in an isolated sandbox/container and run with least privilege; (4) avoid running install-mcp until you can audit the registration logic; (5) ensure use complies with target site terms-of-service and applicable law. If the maintainer publishes a clear, consistent repository with signed releases and an install spec pointing to an official release host (GitHub Releases or similar), and if the install-mcp behavior is documented and auditable, that would reduce my concern.