Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Js Render Scraper
v1.0.0爬取需要 JavaScript 渲染的动态网页内容。当用户要求抓取 SPA、React/Vue 应用、无限滚动页面、需要登录的页面或任何依赖 JS 动态加载内容的网站时使用。支持使用 Playwright 进行浏览器自动化抓取。
⭐ 0· 40·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name and description describe JS-rendered page scraping with Playwright; SKILL.md and included example code implement that behavior. There are no unrelated credentials, binaries, or surprising capabilities requested.
Instruction Scope
Instructions and example code focus on scraping, infinite scroll, Shadow DOM, and login flows. The SKILL.md explicitly recommends evasion techniques (stealth plugin, proxy pools, captcha-solving services), which go beyond neutral scraping guidance and raise legal/ethical concerns even though they are coherent with the goal of bypassing anti-bot measures.
Install Mechanism
This is instruction-only with example scripts; no install spec is provided. The code depends on Playwright and browser binaries (and bs4); the README/code tells the user to install Playwright but the skill manifest does not declare dependencies or provide automated install steps. That makes runtime failure likely and leaves the installation step to the user.
Credentials
requires.env lists no credentials, but examples include scraping pages requiring login (username/password parameters) and the documentation recommends integrating proxies and captcha-solving services (which typically require API keys). The skill does not declare or request these environment variables, creating a mismatch and a potential secret-handling risk if users supply credentials ad hoc.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system-wide config, and is user-invocable only. It does not request elevated or persistent platform privileges.
What to consider before installing
This skill appears to do what it says (Playwright-based scraping), but consider the following before installing or using it:
- Dependencies: Playwright and browser engines (and bs4) are required but not auto-installed; install and sandbox them before running.
- Secrets: The examples accept login credentials; never paste production or long-lived secrets directly into a skill. Prefer ephemeral/test accounts, or run the scraper locally in an isolated environment.
- Anti-bot advice: The README explicitly suggests proxies, stealth plugins, and captcha-solving services — those can violate website terms of service or laws. Only use such techniques where you have explicit permission to scrape.
- Source provenance: The skill owner and homepage are unknown. If you plan to run it, review the included Python files yourself and run in a restricted sandbox first.
- If you need this skill in a production agent, request the author to: (1) provide an install spec for dependencies, (2) declare any required env vars (proxy/captcha API keys) in the manifest, and (3) document legal/ethical constraints for bypassing anti-bot measures.Like a lobster shell, security has layers — review code before you run it.
latestvk97e6at0rn7whkrcma3wa2k0bs84gers
License
MIT-0
Free to use, modify, and redistribute. No attribution required.