Phoenix Scraper
v1.0.0Resilient multi-layer web scraper with automatic failover. Use when scraping web content that may be JS-rendered, behind bot protection, or on sites that blo...
⭐ 0· 56·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
The code and SKILL.md align with the stated purpose: Brave Search, Bright Data Web Unlocker, and Playwright are legitimate components for a resilient scraper. However, the registry metadata claims no required environment variables while both SKILL.md and the code clearly expect BRIGHT_DATA_API_KEY and BRAVE_API_KEY (and optionally BRIGHT_DATA_ZONE). This metadata omission is an incoherence that users should be aware of.
Instruction Scope
Runtime instructions and the code stay within the scraper's scope: they call Brave and Bright Data APIs and use Playwright as a last resort. The references/x-api.md correctly recommends using the X API v2 (bearer token) rather than scraping X.com directly. The SKILL.md does not instruct reading unrelated system files or exfiltrating data to unexpected endpoints.
Install Mechanism
There is no formal install spec (instruction-only), which keeps disk footprint small. The code, however, depends on optional packages (playwright and optionally playwright-stealth) and Playwright requires installing browser binaries separately; SKILL.md mentions pip install commands but the skill does not declare these dependencies formally. Users should be prepared to install Playwright and run `playwright install chromium` if they intend to use Tier 3.
Credentials
The environment variables referenced in SKILL.md (BRIGHT_DATA_API_KEY, BRIGHT_DATA_ZONE, BRAVE_API_KEY, X_BEARER_TOKEN) are reasonable for this scraper. The code actively uses BRIGHT_DATA_API_KEY, BRIGHT_DATA_ZONE and BRAVE_API_KEY. X_BEARER_TOKEN is documented for X API usage but is not integrated into the scraper code provided. The metadata's failure to declare these required credentials is the main proportionality concern.
Persistence & Privilege
The skill does not request permanent/always-on inclusion and does not modify other skills or agent-wide settings. Autonomous invocation is allowed by default (standard), but nothing in this package elevates its privileges.
Assessment
This skill appears to do what it says: it uses Brave Search, Bright Data, and Playwright to fetch pages. Before installing or running it, do the following: 1) Provide and protect the required API keys (BRIGHT_DATA_API_KEY and BRAVE_API_KEY) — the package metadata does not list these, so you must set them yourself. 2) Be aware of costs and rate limits (Bright Data premium domains and Brave quotas can cause unexpected charges). 3) If you plan to use Tier 3, install Playwright and any browser binaries (pip install playwright && playwright install chromium); playwright-stealth is optional. 4) Confirm you have the right to scrape your targets and that use of residential proxies or bypass techniques complies with legal and platform policies. 5) Note that the docs mention an X_BEARER_TOKEN for using the X API, but the shipped scraper code does not use that token; if you need X.com data, integrate the X API calls explicitly and review rate limits/permissions. If you want higher assurance, ask the publisher to update registry metadata to declare required env vars and to provide a formal dependency/install manifest.Like a lobster shell, security has layers — review code before you run it.
brightdatavk9774e4yyba3e79rjn6enfnnwx84pgh1failovervk9774e4yyba3e79rjn6enfnnwx84pgh1latestvk9774e4yyba3e79rjn6enfnnwx84pgh1playwrightvk9774e4yyba3e79rjn6enfnnwx84pgh1scrapingvk9774e4yyba3e79rjn6enfnnwx84pgh1
License
MIT-0
Free to use, modify, and redistribute. No attribution required.