TinyFish Web Agent
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could be used to automate or scrape sites that are trying to restrict bots, creating legal, account, or abuse risk for the user.
The skill explicitly authorizes scraping and automation against bot-protected sites, which is broader than normal page extraction and lacks artifact guidance limiting use to authorized targets.
Use when you need to extract/scrape data from websites, handle bot-protected sites, or automate web tasks.
Use only on sites you are authorized to automate, and require explicit user approval before any non-read-only browser action.

A vague or mistaken goal could cause unwanted clicks, form submissions, or changes on third-party websites.
The documented browser agent can interact with arbitrary websites and fill forms, but the skill does not include safety instructions to stop before submissions, purchases, posts, or account-changing actions.
The agent opens a real browser, navigates, clicks, fills forms, and extracts data.
Keep tasks read-only by default and require confirmation before submitting forms, logging in, purchasing, posting, or changing account data.

Installing a global CLI gives third-party package code local execution on the user's machine.
The skill is instruction-only but tells the user/agent to install a global npm package that is not represented in an install spec or pinned version.
If not installed: `npm install -g @tiny-fish/cli`
Verify the npm package source and publisher before installing, and prefer a pinned version or isolated environment.

The TinyFish CLI will operate under the user's TinyFish account and may incur provider usage or expose tasks to that account.
The skill requires TinyFish account authentication even though registry metadata lists no primary credential or required environment variable; this is expected for the provider but under-declared.
If not authenticated: `tinyfish auth login` or set `TINYFISH_API_KEY` env var.
Use a least-privileged API key where available, keep it out of prompts and logs, and revoke it if no longer needed.

Sensitive URLs, prompts, or form data included in automation goals could be visible to the external provider.
The skill routes URLs and extraction tasks through TinyFish's server-side service, so submitted URLs, goals, and extracted results may be processed outside the local agent.
Accepts multiple URLs in a single call — they are fetched in parallel server-side
Avoid sending private or regulated data unless TinyFish's data handling terms meet your requirements.

Automation jobs may keep running or consuming credits unless monitored and canceled when needed.
The skill supports asynchronous and batch agent runs that can continue after submission, though it also documents list/get/cancel commands.
`--async` | Submit and return immediately ... `tinyfish agent batch run --input runs.csv`
Use async and batch modes only for well-scoped jobs, then check run status and cancel unintended runs promptly.
