Web scraping skill using Chrome + WebMCP
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill does perform web scraping, but it tells the agent to control the real Chrome browser instead of a sandbox and to close tabs automatically, which needs review.
Before installing, consider running this only with a separate Chrome profile or sandbox. Save important tabs first, and do not let it scrape logged-in or private pages unless you explicitly intend that.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could scrape or interact with pages using your existing logged-in browser state if Chrome is already authenticated.
This directs the agent to automate the host Chrome environment rather than an isolated browser. Host Chrome may include the user's active profile, cookies, and logged-in sessions, but the skill does not define which sessions or sites are allowed.
1. **Use target="host"** instead of "sandbox"
Use a dedicated browser profile or sandbox for scraping, and require explicit user approval before accessing logged-in or private pages.
The agent may close browser tabs or navigate them away, potentially losing unsaved work or disrupting the user's browsing session.
The cleanup instruction can close tabs in the host browser without distinguishing tabs opened by this skill from the user's existing tabs.
**Must cleanup after each task**: - If multiple tabs exist, **keep only one**, close others ... After cleanup, ensure only one `about:blank` tab remains
Limit cleanup to tabs the skill opened, avoid using the user's main Chrome session, and ask before closing or navigating existing tabs.