Funda Listings Gateway
v1.0.12Local Funda.nl HTTP gateway for listing details, search, and image previews
⭐ 0· 545·0 current·0 all-time
byBoris@risboo6909
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description match the included Python code and docs: the package implements a local HTTP gateway over pyfunda providing listing details, price history, search, and image preview generation. Required packages (pyfunda, Pillow, curl-cffi) are appropriate for web scraping and image processing; no unrelated binaries, env vars, or external credentials are requested.
Instruction Scope
SKILL.md keeps scope narrow: it instructs creating a venv, installing the listed requirements, and running scripts/funda_gateway.py bound to 127.0.0.1. The gateway intentionally has no auth or rate limiting (documented), and the API includes an option to save resized preview images to disk inside the skill root. The instructions explicitly warn not to expose the server publicly and to treat external data as untrusted. Because the gateway is unauthenticated, the user guidance and code’s local-only bind are important — you must ensure the server remains on loopback and not reachable from other hosts.
Install Mechanism
There is no opaque remote installer; SKILL.md directs the user to create a Python venv and pip-install the explicit requirements listed in scripts/requirements.txt. All dependencies are standard Python packages on PyPI (pyfunda, curl-cffi, Pillow, etc.), not downloaded from arbitrary URLs or untrusted servers. This is a typical low-to-moderate risk install pattern for Python skills.
Credentials
The skill requests no environment variables, no credentials, and no config paths. Its behavior (network access to Funda and optional saving of preview images under the skill root) is proportional to the stated purpose. There are no unexpected credential or filesystem accesses declared.
Persistence & Privilege
The skill is not always-enabled, does not claim elevated privileges, and does not modify other skills or system-wide settings. It will create a local process (the gateway) and may write preview files into its own skill root when save=1; that is normal for this functionality and is constrained by code that attempts to keep saved files inside the skill root.
Assessment
This skill appears to be what it says: a local, unauthenticated HTTP gateway for Funda.nl data and image previews. Before installing, consider the following:
- Run it only in a trusted, isolated environment (local machine or sandbox). The gateway deliberately has no authentication or rate limiting — if you accidentally expose the bound port to a network, anyone who can reach it could query it.
- The gateway may access the public internet to fetch Funda pages and images (pyfunda + urllib/curl-cffi). Ensure you are comfortable with that outgoing network activity and with the legal/terms-of-service implications of scraping.
- Preview images can be saved to disk under the skill root when you call get_previews with save=1; saved paths are checked to remain inside the skill root, but verify the location and avoid running as root.
- The install process uses pip to install requirements from scripts/requirements.txt; review those package versions and consider installing in a dedicated virtualenv.
- The code bundle is small and transparent; nevertheless, review the full funda_gateway.py (and the truncated portion if you only have a partial copy) before running to ensure there are no hidden behaviors.
If you want stronger safety: run the gateway in a container or VM with restricted network access, and use firewall rules to ensure the port is truly loopback-only.Like a lobster shell, security has layers — review code before you run it.
latestvk97d0jfxppd2y9g80yzxqqxwen823k2f
License
MIT-0
Free to use, modify, and redistribute. No attribution required.