Swipenode
Security checks across static analysis, malware telemetry, and agentic risk
Overview
SwipeNode is a web-scraping helper, but it explicitly advertises WAF/Cloudflare/Datadome bypass and relies on unreviewed, unpinned external code and MCP setup.
Install only if you are comfortable auditing and building the external repository yourself, and use the scraping/WAF-bypass features only for authorized targets with explicit user approval.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could use this to scrape protected sites in ways that violate site rules, trigger blocking, or create legal and reputational risk for the user.
The skill explicitly advertises evasion of bot/WAF protections as a feature for scraping, not just ordinary page extraction.
Bypasses Cloudflare/Datadome via TLS fingerprint spoofing ... uses TLS fingerprint spoofing ... to bypass WAF detection
Use only on sites you own or are authorized to access, and require explicit user approval before using WAF-bypass or batch-scraping features.
You cannot tell from the provided artifacts exactly which code will be built and executed, so the real runtime behavior may differ from the documentation.
The README points to one repository for installation while crediting another, and the package contains no reviewed source code, binary, install spec, or pinned commit for the executable that would run.
git clone https://github.com/Nefas11/swipenode.git ... Built by **sirToby99** — https://github.com/sirToby99/swipenode
Verify the repository owner, inspect the source, pin a specific commit or release, and avoid building or running the binary until provenance is clear.
If enabled, local agents may be able to request webpage extraction and consume the returned page data through this MCP server.
The MCP mode exposes the extraction tool to local agents, which is purpose-aligned but creates an agent-tool boundary users should understand.
./swipenode mcp ... Start stdio-based MCP server for Claude Desktop / local agents.
Enable MCP only for trusted local agents and review which agent profiles can call it.
The tool may remain available to Claude Desktop or local agents after the initial setup unless you remove the MCP registration.
The install-mcp command is an optional, user-directed setup step, but it modifies local agent configuration so the integration can persist after restart.
./swipenode install-mcp ... Auto-register SwipeNode with Claude Desktop config.
Check the Claude Desktop MCP configuration after installation and remove the entry if you no longer want agents to access SwipeNode.