ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Stealth Scraper

High-performance, adaptive web scraping engine. Native bypass for Cloudflare Turnstile and interstitial pages. Designed for 2026 Agentic Intelligence.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 400 · 1 current installs · 1 all-time installs
bySystem Architect Zero@tmstudio667-commits
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The name/description claim 'native bypass for Cloudflare Turnstile and interstitial pages' and high-performance scraping, but the skill declares no binaries, no packages, no credentials, no config paths, and no source or homepage. Implementing reliable anti-bot bypass typically requires headless-browser tooling (e.g., Puppeteer/Playwright), third-party captcha-solving services, or platform-specific binaries; none are requested or documented. The capability claimed is therefore disproportionate to the tiny, instruction-only manifest.
!
Instruction Scope
SKILL.md contains only a high-level marketing description and a single example CLI invocation (npx openclaw skill run ...). It does not describe what the agent should actually do at runtime (no commands, no network endpoints, no libraries to call). The instructions are vague and grant broad, undefined discretion: a real scraper-with-bypass would need detailed runtime steps. This ambiguity increases risk because the skill could later be implemented as arbitrary behavior without matching the declared metadata.
Install Mechanism
No install spec and no code files are present, so nothing will be written to disk or automatically installed by the skill bundle itself. That reduces immediate supply-chain risk. However, absence of an install step also means the skill is currently a stub/marketing doc rather than a functioning implementation.
Credentials
The skill declares no required environment variables, credentials, or config paths. That is proportionate in the sense of not requesting secrets, but it is inconsistent with the claimed functionality (bypassing anti-bot systems commonly requires third-party services or binaries). The lack of any declared credentials or endpoints is a red flag for completeness/provenance, though not directly an exfiltration risk in its current form.
Persistence & Privilege
The skill is not marked 'always: true' and uses default invocation settings. It is user-invocable and the agent may call it autonomously (the platform default), which is normal. There is no evidence this skill requests persistent or elevated platform privileges beyond standard skill invocation.
What to consider before installing
This package is essentially a one-page marketing stub claiming advanced Cloudflare/Turnstile bypass without any source code, install steps, dependencies, or homepage. Before installing or enabling it, ask the publisher for: (1) source code or a trustworthy release URL, (2) a clear runtime dependency list (browsers, captchasolvers, libraries) and network endpoints it will contact, and (3) legal/ethical guidance for use (bypassing protections can violate terms of service or law). Do not provide any credentials to this skill. If you want to test it, run it in an isolated sandbox or ephemeral environment and inspect network activity and filesystem changes. If the author cannot supply verifiable code and provenance, treat the skill as untrusted and avoid enabling it in production.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
datavk9762yxb0w8h9453rbr6w1q6rx826501latestvk9762yxb0w8h9453rbr6w1q6rx826501scrapingvk9762yxb0w8h9453rbr6w1q6rx826501stealthvk9762yxb0w8h9453rbr6w1q6rx826501

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🕷️ Clawdis

SKILL.md

Agent Stealth Scraper

Bypass modern anti-bot protections with adaptive element tracking. Built on top of the Scrapling framework for 1000x faster parsing than traditional BS4.

Features

  • Anti-Bot Mastery: Native support for bypassing Cloudflare and other challenges.
  • Adaptive Selection: Elements are found using similarity algorithms, making your scripts resilient to UI changes.
  • AIOHTTP Powered: Fully asynchronous for high-scale data harvesting.

Usage

npx openclaw skill run agent-stealth-scraper --url "https://target-website.com"

Architect's Note

Information sovereignty is built on data accessibility.

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…