ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Web Scraper as a Service

v1.0.0

Build client-ready web scrapers with clean data output. Use when creating scrapers for clients, extracting data from websites, or delivering scraping projects.

3· 2.7k·18 current·20 all-time
bySean Wyngaard@seanwyngaard
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (web scraper service) match the SKILL.md: it enumerates scraping templates, generation of a Python scraper, data cleaning, and delivery packaging. There are no unrelated environment variables, binaries, or config paths requested that would be disproportionate to building scrapers.
Instruction Scope
The runtime instructions are focused on collecting page structure, generating scraper code, running scrapes, cleaning data, and packaging results. They explicitly recommend respecting robots.txt and ToS and avoiding personal data unless authorized. The instructions do require fetching target URLs (expected for scraping) but do not instruct reading unrelated local files or exfiltrating secrets.
Install Mechanism
This is an instruction-only skill with no install spec and no code files included. That minimizes code-on-disk risk; the instructions recommend standard Python packages (requests, BeautifulSoup, playwright) which is proportionate for the stated purpose.
Credentials
No environment variables, credentials, or config paths are requested; the requirement set is minimal and appropriate for a scraper template/instruction skill. The skill does not ask for unrelated secrets or broad system access.
Persistence & Privilege
The skill does not request always: true and is user-invocable only. It does not instruct modifying other skills or system-wide agent settings. Autonomous invocation is enabled by default but not combined with other elevated privileges.
Assessment
This skill appears coherent and focused on building scrapers, but consider these practical precautions before using it: (1) The skill will fetch arbitrary target URLs — ensure you (and your client) are authorized to scrape the target and that scraping does not violate site terms or laws. (2) Some sites use CAPTCHAs or anti-bot protections; the guidance mentions detecting these but does not instruct bypassing them — avoid attempting evasive or unauthorized bypass techniques. (3) If you execute generated scrapers, run them in an isolated environment (container/VM) and watch network usage and stored data to avoid accidental leakage of client or system secrets. (4) The skill has no stated source or homepage — if you need long-term support or guarantees, prefer vetted libraries or an authored/published implementation. (5) If scraping requires authenticated access to a target, expect you will need to supply credentials separately; the skill does not request or manage credentials itself.

Like a lobster shell, security has layers — review code before you run it.

latestvk971kcpg8n3ethpsewaxj7bqds813rky

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments