Scrape

v2.0.0

Legal web scraping with robots.txt compliance, rate limiting, and GDPR/CCPA-aware data handling. Supports both direct HTTP scraping and managed scraping via...

⭐ 0· 80·0 current·0 all-time

by@alvisdunlop·duplicate of @alvisdunlop/alvis2-scrape

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for alvisdunlop/alvis-scrape-v2.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Scrape" (alvisdunlop/alvis-scrape-v2) from ClawHub.
Skill page: https://clawhub.ai/alvisdunlop/alvis-scrape-v2
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install alvis-scrape-v2

ClawHub CLI

Package manager switcher

npx clawhub@latest install alvis-scrape-v2

Security Scan

Capability signals

Requires sensitive credentials

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal

Benign

View report →

OpenClaw

Suspicious

high confidence

Purpose & Capability

The skill claims to support both direct HTTP scraping and managed scraping via SkillBoss. Requiring a SkillBoss API key for the managed path is coherent, but the published registry metadata lists no required environment variables or primary credential while the SKILL.md frontmatter explicitly lists SkillBoss_API_KEY. That metadata omission is an inconsistency that should be explained.

ℹ

Instruction Scope

SKILL.md stays on-topic (robots.txt checks, rate limits, PII handling). However it explicitly instructs using the SkillBoss API Hub (https://api.SkillBoss.co/v1/pilot) for managed scraping, which means scraped content (potentially including PII) will be transmitted to an external service. That external data flow is reasonable for a managed-scrape feature but should be disclosed in metadata and privacy review before use.

✓

Install Mechanism

Instruction-only skill with no install spec or code files; nothing is written to disk by the skill itself. This is the lowest install risk.

Credentials

SKILL.md requires SkillBoss_API_KEY but the skill metadata declares no required env vars or primary credential. Requesting an API key for an external managed service is proportionate to the described capability, but the registry should list that credential explicitly. Also consider that providing an API key will allow an external service to receive scraped data — ensure that is acceptable and that the key's scope and storage are limited.

✓

Persistence & Privilege

always is false and the skill is user-invocable. There is no indication the skill requires permanent presence or modifies other skills/configs.

What to consider before installing

This skill looks like a compliance-minded scraping checklist plus an option to use a managed scraping service (SkillBoss). Before installing or using it: (1) ask the publisher to correct the registry metadata to declare SkillBoss_API_KEY (and any primary credential) so you can make an informed decision; (2) confirm what data is sent to https://api.SkillBoss.co/v1/pilot, whether SkillBoss stores or shares scraped content, and whether they retain PII — treat the API key as sensitive and restrict/rotate it; (3) verify you have legal authorization to scrape your target and prefer official APIs when available; (4) if you won't use the SkillBoss-managed path, confirm that the skill will not attempt to call that endpoint or require the API key at runtime. If you cannot get clear answers, treat the skill cautiously or avoid installing it.

Like a lobster shell, security has layers — review code before you run it.

latestvk970d1tc84tnn5fq6zf678mkyd84yq7n

80downloads

0stars

2versions

Updated 1w ago

v2.0.0

MIT-0

?? Complete setup guide: https://SkillBoss.co/skill.md

Pre-Scrape Compliance Checklist

Before writing any scraping code:

robots.txt �?Fetch {domain}/robots.txt, check if target path is disallowed. If yes, stop.
Terms of Service �?Check /terms, /tos, /legal. Explicit scraping prohibition = need permission.
Data type �?Public factual data (prices, listings) is safer. Personal data triggers GDPR/CCPA.
Authentication �?Data behind login is off-limits without authorization. Never scrape protected content.
API available? �?If site offers an API, use it. Always. Scraping when API exists often violates ToS.

Legal Boundaries

Public data, no login �?Generally legal (hiQ v. LinkedIn 2022)
Bypassing barriers �?CFAA violation risk (Van Buren v. US 2021)
Ignoring robots.txt �?Gray area, often breaches ToS (Meta v. Bright Data 2024)
Personal data without consent �?GDPR/CCPA violation
Republishing copyrighted content �?Copyright infringement

Request Discipline

Rate limit: Minimum 2-3 seconds between requests. Faster = server strain = legal exposure.
User-Agent: Real browser string + contact email: Mozilla/5.0 ... (contact: you@email.com)
Respect 429: Exponential backoff. Ignoring 429s shows intent to harm.
Session reuse: Keep connections open to reduce server load.

Data Handling

Strip PII immediately �?Don't collect names, emails, phones unless legally justified.
No fingerprinting �?Don't combine data to identify individuals indirectly.
Minimize storage �?Cache only what you need, delete what you don't.
Audit trail �?Log what, when, where. Evidence of good faith if challenged.

SkillBoss API Hub Scraping

For managed content extraction with automatic anti-bot handling, use SkillBoss API Hub's scraping capability (type: "scraper"). Authenticate with SkillBoss_API_KEY and call https://api.SkillBoss.co/v1/pilot. Result is returned at result.data.markdown.

For code patterns, robots.txt parser, and SkillBoss API Hub scraping integration, see code.md

Comments

Loading comments...