ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Scrapeless Pro Skill

v1.0.3

Professional web scraping for OpenClaw — stealth Playwright automation with anti-bot bypass, JavaScript rendering, and structured data extraction from any mo...

0· 52·0 current·0 all-time
by@showmemercy19-rgb
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (stealth Playwright scraping) aligns with the included code and declared binaries (node, npx) and dependencies (playwright). However the skill insists on SCRAPELESS_LICENSE_KEY in its metadata and documentation even though the visible code only performs a local regex check and (in the provided snippet) does not clearly enforce a license before scraping. Also the SKILL.md purchase URL (cosmic-lollipop-a61cc5.netlify.app) differs from the URL printed in the code's license error (https://scrapeless-pro.com), which is inconsistent and should be clarified.
Instruction Scope
The SKILL.md runtime instructions stick to installing Playwright, setting a license env var, and running the CLI/programmatic API. The code's runtime behavior (navigating to the target site, rendering JS, injecting stealth scripts, extracting page data) stays within the scraping purpose. Notable scope issues: (1) the doc claims 'No external APIs, no paid services, no data sent to third parties' while referencing a commercial license/purchase flow; (2) the documentation shows a programmatic require('scrapeless-pro') usage, but it's not obvious from the truncated code whether the module exports the scrape function correctly — this is a functional inconsistency rather than overtly malicious.
Install Mechanism
This is an instruction-only skill with bundled JS files and a package.json; there is no opaque download URL or archive extraction. Playwright is a normal dependency and SKILL.md instructs running 'npm install playwright' and 'npx playwright install chromium' which is expected for browser automation. No high-risk install mechanism detected in the provided files.
Credentials
Only one env var is required (SCRAPELESS_LICENSE_KEY), which is proportionate for a commercial component. However, the code shown validates the key only by local regex and (as provided) does not appear to contact a license server; if the license key is not actually used beyond formatting checks, asking users to set a license env var in metadata is misleading. No other unrelated secrets or config paths are requested.
Persistence & Privilege
The skill is not force-included (always:false). It does not request system-wide config changes, nor does it claim to modify other skills or persist beyond its own files. Autonomous invocation is allowed by default (disable-model-invocation:false) but that is the platform norm and not a separate red flag here.
What to consider before installing
The skill appears to implement the claimed stealth scraping features, but there are small inconsistencies you should resolve before installing: (1) confirm whether the SCRAPELESS_LICENSE_KEY is actually required/enforced (the code shows only a regex check) — if it isn't enforced, treat the license requirement as misleading; (2) verify the legitimate purchase/support URL (SKILL.md links to a Netlify page but the code prints a different domain); (3) check that the package actually exports the programmatic API the docs advertise (require('scrapeless-pro') should return a scrape function); (4) be aware this tool performs active scraping with anti-detection techniques — that can violate websites' terms of service and potentially legal/regulatory rules in your jurisdiction; and (5) if you will run this on sensitive hosts, audit the code end-to-end for any hidden network calls (none were obvious in the provided snippet) and prefer installing and running in an isolated environment because Playwright will download/execute browser binaries.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🕷️ Clawdis
Binsnode, npx
EnvSCRAPELESS_LICENSE_KEY
latestvk974gfzhr2vt7v8hkkddx7gx9s852xg0
52downloads
0stars
4versions
Updated 2d ago
v1.0.3
MIT-0
@showmemercy19-rgb
latest
Download

Scrapeless Pro 🕷️

Professional web scraping for OpenClaw. Stealth Playwright automation that renders JavaScript, bypasses anti-bot detection, and extracts structured data from any modern website.

OpenClaw's built-in web_fetch fails on 75% of JavaScript-heavy sites. Scrapeless Pro fixes that.

Why Scrapeless Pro?

  • JavaScript rendering — Works on React, Vue, SPA, and dynamic sites
  • Stealth mode — Random user-agent, viewport, fingerprint masking, anti-detection scripts
  • Auto data extraction — Headings, links, paragraphs, images, meta tags
  • Custom selectors — Target specific elements with CSS selectors
  • Multiple formats — JSON, CSV, Markdown output
  • CLI & programmatic — Use from command line or import in your skills

Purchase License

$49 one-time — Lifetime license, 1 year of updates included.

Get your license: https://cosmic-lollipop-a61cc5.netlify.app

Setup

1. Install

clawhub install scrapeless-pro

2. Set License Key

export SCRAPELESS_LICENSE_KEY="SCRAPELESS-XXXX-XXXX-XXXX-XXXX"

3. Install Playwright (if not already)

npm install playwright
npx playwright install chromium

Usage

CLI

# Basic scrape
node scraper.js scrape https://example.com

# With output format
node scraper.js scrape https://example.com --format csv
node scraper.js scrape https://example.com --format markdown

# Save to file
node scraper.js scrape https://example.com -o data.json

# Custom selectors
node scraper.js scrape https://example.com --selectors '{"products":".product","prices":".price"}'

# Validate license
node scraper.js validate

OpenClaw Agent

Ask your OpenClaw agent:

scrape https://example.com/products and extract all product names and prices

Programmatic

const { scrape } = require('scrapeless-pro');

const data = await scrape('https://quotes.toscrape.com', {
    format: 'json',
    headless: true,
});
console.log(data.title);
console.log(data.headings);

Real Output Example

Tested with https://quotes.toscrape.com (2026-04-18):

{
  "title": "Quotes to Scrape",
  "url": "https://quotes.toscrape.com/",
  "timestamp": "2026-04-18T11:15:40.071Z",
  "headings": [
    { "level": "H1", "text": "Quotes to Scrape" },
    { "level": "H2", "text": "Top Ten tags" }
  ],
  "links": [
    { "text": "Login", "href": "https://quotes.toscrape.com/login" },
    { "text": "(about)", "href": "https://quotes.toscrape.com/author/Albert-Einstein" },
    { "text": "change", "href": "https://quotes.toscrape.com/tag/change/page/1/" }
  ],
  "paragraphs": ["Login", "Quotes by: GoodReads.com"]
}

CLI Options

OptionDescriptionDefault
-f, --formatOutput format: json, csv, markdownjson
-s, --selectorsCSS selectors as JSONauto-detect
-o, --outputSave to filestdout
-t, --timeoutNavigation timeout (ms)30000
-d, --delayRandom delay before navigation (ms)1000
--no-headlessShow browser windowhidden

Stealth Features

  • Random user-agent rotation (5 realistic agents)
  • Random viewport sizes (1920x1080, 1366x768, etc.)
  • Navigator.webdriver override (hides automation flag)
  • Chrome runtime injection
  • Function.prototype.toString override
  • Permissions API spoofing
  • Random scroll behavior
  • Realistic navigation delays

Dependencies

  • playwright — Browser automation
  • commander — CLI interface

No external APIs, no paid services, no data sent to third parties.

Support

Scrapeless Pro v1.0.3 — Commercial skill for OpenClaw

Comments

Loading comments...