Agent Vision Scraper
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is a browser scraper that openly automates CAPTCHA and anti-bot bypass and exposes a no-password VNC session, so it needs careful review before use.
Install only if you need authorized browser automation and understand the risks. Do not use it to bypass protections on third-party sites without permission. Before running it, inspect or obtain the missing Dockerfile, pin dependencies, restrict API keys, and secure or disable the VNC port.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The tool could be used to bypass website protections, automate logins, submit forms, or scrape sites that intentionally try to block bots, which can create legal, account, or abuse risks.
The executable code enables stealth browser behavior and instructs the LLM-driven browser to solve CAPTCHA challenges and continue the task, making anti-bot/CAPTCHA bypass an active runtime behavior rather than just documentation.
chromium.use(StealthPlugin()); ... "After recognizing the CAPTCHA content, locate the corresponding input box or coordinates and perform the fill-in or click action. Once verification passes, continue with the core task."
Use only on sites you own or are explicitly authorized to test. Add clear policy limits and require explicit user confirmation before solving CAPTCHAs, logging in, submitting forms, or scraping protected services.
Someone who can reach the VNC port may view or interfere with the browser session, including pages, scraped data, login flows, and credentials typed into websites.
The documented VNC interface exposes the live browser session without a password. With `-p 5900:5900`, the port may be reachable beyond the local machine depending on Docker and firewall configuration.
At runtime port 5900 is mapped; a VNC client can connect to watch the browser operate ... Address: `localhost:5900` ... Password: none (passwordless)
Do not expose VNC without authentication. Bind it to localhost only, add a strong VNC password, or omit the port mapping unless interactive viewing is required.
Sensitive webpage contents may be shared with the configured LLM provider during automation.
The workflow sends browser screenshots to an LLM for visual analysis. This is purpose-aligned for a vision scraper, but screenshots may contain page content, account data, or credentials.
Visual analysis - screenshots are sent to the LLM for analysis
Avoid using this on sensitive accounts or confidential pages unless the LLM provider, data handling, and retention policies are acceptable.
If broad or production API keys are used, the automation may consume quota, incur costs, or expose data to the associated provider account.
The skill may use external provider credentials supplied through the environment. This is expected for LLM vision use, but the keys grant spending and provider-account authority.
OPENAI_API_KEY=sk-xxx ... ANTHROPIC_API_KEY=sk-ant-xxx
Use restricted, dedicated API keys with spending limits and rotate them after testing.
Users cannot fully verify the container build from the provided artifacts and may be pushed toward creating or using an unreviewed image.
The documentation relies on a Dockerfile to define the runtime image, but the supplied file manifest does not include a Dockerfile or install spec. For a browser-control tool, that missing build artifact is a material provenance gap.
docker build -t agent-scraper-image . ... ├── Dockerfile # Docker image definition
Provide the Dockerfile, lockfiles, and a complete install spec, or avoid instructing users to build/run an image whose contents are not included in the reviewed package.
