Auto Scraping to CSV
Warn
Audited by ClawScan on May 12, 2026.
Overview
This looks like a real web-scraping skill, but its local browser bridge is too open and loads unpinned remote code, so it needs review before use.
Only run this if you are comfortable operating a local browser-control server. Avoid sensitive logged-in sites, stop the bridge after use, and prefer a version that pins the CDN dependency, restricts CORS, requires a local auth token, and removes or tightly gates arbitrary JavaScript execution.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
While the bridge is running, another process or web origin that can reach the port may be able to make the browser visit pages and receive page text/state through the bridge.
The bridge accepts browser-control requests and returns DOM state over HTTP with wildcard CORS, and the shown routes do not include authentication, origin checks, or URL restrictions.
'Access-Control-Allow-Origin': '*', ... const session = await createSession({ url: body.url, ... }); ... const state = await getState(id); send(200, state);
Require a random local auth token, restrict CORS to the intended client, bind explicitly to loopback, validate allowed URL schemes/hosts, and stop the bridge immediately after use.
A caller with access to the bridge can run arbitrary JavaScript in the automated page, which can bypass safer scraping workflows and alter or extract page content within that browser context.
A caller-selected action can pass a caller-supplied script into the browser controller, creating a raw JavaScript execution escape hatch beyond ordinary text-DOM scraping.
const result = await act(id, body.action, body.params || {}); ... case 'executeJavascript': return await ctrl.executeJavascript(params.script);
Remove the executeJavascript action by default, or gate it behind explicit user approval, per-request authentication, and strong allowlisting.
A future or compromised CDN/package version could change what code runs in the browser without the user reinstalling or reviewing the skill.
The bridge downloads and injects an unpinned '@latest' CDN script at runtime, so the code executed in target pages can change after review.
const CDN_URL = 'https://cdn.jsdelivr.net/npm/page-agent@latest/dist/iife/page-agent.demo.js'; ... await page.addScriptTag({ url: CDN_URL });
Pin page-agent to a specific reviewed version, include integrity checking or vendor the script, and declare the runtime dependency clearly.
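The following is an added example, not code from the skill or from ClawScan, showing what the remediation for the first two findings looks like as a request-policy layer in front of the bridge's routes: a per-request local token, CORS restricted to one client origin, URL scheme/host allowlisting for new sessions, and the executeJavascript action disabled. The route paths, header names, origin and host allowlist are assumptions; the bridge itself should additionally be bound with listen(port, '127.0.0.1').

```javascript
// Hypothetical policy layer for a local browser bridge (example code, not the skill's own).
const ALLOWED_ORIGIN = 'http://127.0.0.1:3000';            // assumption: the one intended client
const ALLOWED_HOSTS = new Set(['example.com']);             // constructed allowlist of scrape targets
const BLOCKED_ACTIONS = new Set(['executeJavascript']);     // raw-JS escape hatch removed by default

// Constant-time comparison so token checks do not leak length or prefix timing.
function tokensMatch(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string' || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Only http(s) URLs to allowlisted hosts may be opened by the bridge.
// Rejects file:, javascript:, data: and internal hosts such as localhost.
function isAllowedTarget(raw) {
  let u;
  try { u = new URL(raw); } catch { return false; }
  if (u.protocol !== 'http:' && u.protocol !== 'https:') return false;
  return ALLOWED_HOSTS.has(u.hostname);
}

// Decide whether a bridge request may proceed. `req` is a plain object
// { url, headers, body } (hypothetical shape); `token` is the random secret the
// bridge printed at startup. Returns { status, headers, error? }.
function authorize(req, token) {
  const origin = req.headers['origin'];
  // Emit a CORS allow header only for the intended client; omit it otherwise.
  const headers = origin === ALLOWED_ORIGIN
    ? { 'Access-Control-Allow-Origin': ALLOWED_ORIGIN, 'Vary': 'Origin' }
    : {};
  // A browser request from any other origin is rejected outright, not just
  // denied the CORS header, so it cannot trigger side effects as a simple request.
  if (origin !== undefined && origin !== ALLOWED_ORIGIN) {
    return { status: 403, headers, error: 'origin not allowed' };
  }
  if (!tokensMatch(req.headers['x-bridge-token'], token)) {
    return { status: 401, headers, error: 'missing or invalid bridge token' };
  }
  const body = req.body || {};
  if (req.url === '/session' && !isAllowedTarget(body.url)) {
    return { status: 400, headers, error: 'target url not allowed' };
  }
  if (req.url === '/act' && BLOCKED_ACTIONS.has(body.action)) {
    return { status: 403, headers, error: 'action disabled' };
  }
  return { status: 200, headers };
}
```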
