Deep Scraper
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a disclosed web-scraping skill, but it needs Docker/browser automation and broad URL access, so only use it on approved public pages and inspect the setup.
Before installing, confirm you are comfortable running a Dockerized browser scraper, inspect or obtain the missing Dockerfile, and only invoke it for public or otherwise authorized pages. The included code does not show hidden exfiltration or destructive behavior.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If pointed at the wrong page, the skill could collect and return content from that page.
The handler accepts an arbitrary target URL, loads it in a browser, and returns page text. This is expected for a scraper, but users should notice the broad target scope.
const targetUrl = process.argv[2]; ... await page.goto(targetUrl, { waitUntil: 'networkidle' }); ... data: content.substring(0, 10000)Use it only with approved public URLs and require explicit confirmation before scraping private, internal, or sensitive pages.
A user may need to supply or locate unreviewed Docker build instructions before the skill works.
The skill asks users to build a Docker image, but the provided manifest does not include a Dockerfile and the registry has no install spec. This is a setup/provenance gap, although the step is disclosed and user-directed.
Build command: `docker build -t clawd-crawlee skills/deep-scraper/` ... Ensure the Dockerfile remains within the skill directory
Inspect the Dockerfile/build context before building the image, and prefer a complete, reviewed package with install requirements declared in metadata.
The installed scraping runtime may vary over time depending on package resolution.
The npm dependencies use version ranges and no lockfile is present in the provided manifest, so future installs may resolve different package versions.
"dependencies": { "crawlee": "^3.0.0", "playwright": "^1.40.0" }Use a lockfile or pinned dependency versions when building the container for repeatable installs.