ecommerce-market-analyzer-skill

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a purpose-aligned e-commerce scraping and reporting skill, but users should be aware that it runs local Playwright code, contacts third-party websites, clicks popups, and saves screenshots and HTML locally.

Before installing, be comfortable with running a local Python/Playwright scraper. Review and customize the WEBSITES list, run it in a non-sensitive workspace, watch the screenshots_clean output directory, and make sure your scraping use respects the target sites' terms, robots.txt expectations, and privacy constraints.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill may make many requests to e-commerce sites and interact with cookie or region dialogs without further per-site review.

Why it was flagged

The script automatically visits third-party websites, clicks popup/consent controls, captures screenshots, and saves page HTML. This is the core purpose of the skill, but it is still automated external-site interaction.

Skill content

await page.goto(full_url, wait_until="domcontentloaded", timeout=60000) ... await close_popups(page) ... await page.screenshot(...) ... html_path.write_text(html_content, encoding="utf-8")

Recommendation

Use it only on site lists you approve, review applicable site terms and robots.txt expectations, and avoid using it on authenticated or personal pages.

What this means

Running the skill will execute the provided Python script in the local environment and create output files.

Why it was flagged

The skill directs the agent to execute a local Python scraper. This is expected for a scraping skill, but users should understand that installing the skill enables a workflow involving local code execution.

Skill content

When user provides a list of e-commerce websites, immediately run the scraper: ... uv run python scripts/scrape_websites.py

Recommendation

Review the script and run it from a workspace where creating screenshots_clean output files is acceptable.

What this means

Users may need to install external packages and browser binaries before the skill works.

Why it was flagged

The README asks users to install Playwright and Chromium, but the artifacts do not include a pinned dependency file or automated install spec. This is normal for a Playwright-based scraper, but users should treat it as an external dependency install.

Skill content

uv pip install playwright
playwright install chromium

Recommendation

Install dependencies intentionally from trusted sources, preferably in an isolated project environment, and consider pinning versions for repeatability.