Scrapeless Scraping Browser Skill

Warn

Audited by ClawScan on May 18, 2026.

Overview

This skill is a cloud browser automation wrapper, but it explicitly promotes residential-proxy and anti-detection browsing, so it should be reviewed carefully before use.

Install only if you trust the Scrapeless CLI and need cloud browser automation. Use it only on sites you are authorized to automate, avoid detection-bypass/proxy features unless clearly permitted, protect the API key, and do not send confidential website data or credentials through the cloud browser unless your organization approves that provider.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent could use cloud browsers and proxies to scrape or interact with websites in ways that violate site rules, trigger account risk, or bypass protections.

Why it was flagged

The skill authorizes broad browser actions while explicitly advertising proxy and detection-bypass use, which can be used to evade website controls rather than only perform authorized automation.

Skill content

"automating any browser task with residential proxies and anti-detection features" ... "bypass detection"

Recommendation

Use only for websites and tests you are authorized to automate. Require explicit confirmation before scraping, submitting forms, logging in, or using proxy/anti-detection features.

What this means

Installing or invoking the CLI runs code supplied by the external npm package, which may change over time.

Why it was flagged

The executable functionality comes from an external npm package not included in the reviewed artifacts and not pinned to a specific version. This is normal for a CLI skill but leaves package provenance outside the static review.

Skill content

"installation": { "npm": "npm install -g scrapeless-scraping-browser" }

Recommendation

Install only from the official package/repository, consider pinning a known-good version, and review the package before giving it API keys or sensitive browsing tasks.

What this means

If the API key is exposed in logs, shell history, or agent context, someone could use the Scrapeless account or incur usage under that account.

Why it was flagged

The skill needs a Scrapeless API token and includes commands to store and retrieve it. This is expected for the provider integration, but the token is a sensitive credential that carries account authority.

Skill content

Before using scrapeless-browser, you MUST set up authentication: ... scrapeless-scraping-browser config set apiKey ... export SCRAPELESS_API_KEY ... config get apiKey

Recommendation

Use a scoped or dedicated API key if available, avoid displaying the key with `config get apiKey`, protect shell history, and rotate the key if it is exposed.

What this means

Web pages visited, form inputs, screenshots, and recordings may be handled by the provider, which matters for confidential sites or personal data.

Why it was flagged

Cloud browser use means browsing activity, screenshots, extracted data, and optional recordings may be processed by the Scrapeless service. This is disclosed and purpose-aligned, but it is a sensitive data boundary.

Skill content

No sensitive data is transmitted to third parties except Scrapeless API ... Session recordings (if enabled) are stored on Scrapeless servers

Recommendation

Review Scrapeless privacy and retention terms, avoid entering secrets or regulated data unless approved, and disable recordings unless they are needed.