Game Scout

Security checks across static analysis, malware telemetry, and agentic risk

Overview

Game Scout is a coherent game-research skill, but it uses third-party search/scraping services and API keys, including a disclosed bot-detection-bypassing scraper.

This skill appears safe for its stated purpose if you are comfortable with third-party web research services. Before installing, make sure you trust it with Exa/Bright Data API usage, avoid putting private information in game queries or URLs, and use the scraping features only on appropriate public sources.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may scrape public web pages through Bright Data, including sites that try to block automated access.

Why it was flagged

The skill exposes a broad URL-scraping workflow and explicitly uses Bright Data to bypass bot detection. This is disclosed and aligned with public web research, but users should ensure they only scrape appropriate URLs and understand provider/site-policy implications.

Skill content

`node {baseDir}/scripts/bright-scrape.mjs <url> [url2...]` | `Scrape URLs to markdown via Bright Data (bypasses bot detection, great for Reddit)`

Recommendation

Use it for intended public game-research sources only, and avoid private, sensitive, or prohibited URLs.

What this means

Installing and using the skill can consume the user’s Exa and Bright Data account quotas or billing allowances.

Why it was flagged

The skill requires provider credentials for its search and scraping integrations. This is expected for the stated purpose, and the scripts use the keys for provider authentication rather than hardcoding or printing them.

Skill content

Requires API keys from [Exa AI](https://exa.ai) and [Bright Data](https://brightdata.com) ... `EXA_API_KEY=your-key` `BRIGHTDATA_API_KEY=your-key` `BRIGHTDATA_ZONE=your-zone-name`

Recommendation

Use restricted provider keys where possible and monitor API usage.

What this means

Game-related search terms, target URLs, and scraped-source requests may be visible to third-party providers.

Why it was flagged

Search queries and related options are sent to Exa, and similar scripts send target URLs to Bright Data. These provider data flows are disclosed and purpose-aligned, but they are still external transmissions.

Skill content

`const resp = await fetch("https://api.exa.ai/search", { method: "POST", headers: { "Content-Type": "application/json", "x-api-key": apiKey }, body: JSON.stringify(body) });`

Recommendation

Avoid including private information in queries or URLs, and review Exa/Bright Data privacy and retention settings if that matters to you.