v1.0.0

Agent Vision Scraper

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 6:22 AM.

Analysis

This skill is a powerful website automation tool that deliberately bypasses anti-bot/CAPTCHA protections and exposes an unauthenticated VNC browser session, so it needs careful review before installation.

GuidanceInstall only if you need authorized browser automation against sites you control or have permission to test. Before use, obtain the missing Dockerfile/install details, pin dependencies, avoid real credentials in prompts, use a minimal dedicated .env file, and do not expose the passwordless VNC port.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityHighConfidenceHighStatusConcern

SKILL.md

Playwright Stealth - 绕过常见反爬检测 ... Vision 验证码识别 - 利用 LLM 视觉能力破解图形验证码

The skill explicitly instructs use of stealth automation to bypass anti-scraping checks and use vision to solve CAPTCHAs, with no documented authorization or target-scope limits.

User impactUsing this on sites you do not control could bypass site protections, violate terms, trigger account bans, or cause legal/compliance issues.

RecommendationUse only on sites and accounts you own or are explicitly authorized to test; add domain allowlists and require confirmation before CAPTCHA bypass, login, form submission, or data extraction.

Tool Misuse and Exploitation

SeverityHighConfidenceHighStatusConcern

README.md

docker run --rm --env-file .env -p 5900:5900 ... 密码: 无（免密）

The documented run command exposes VNC on port 5900 and the README states there is no VNC password, while the browser may be handling logins or sensitive pages.

User impactAnyone who can reach the exposed VNC port may be able to view the live browser session and potentially see credentials, private page contents, or task results.

RecommendationDisable VNC unless needed, bind it only to localhost, require a strong VNC password or SSH tunnel, and never expose port 5900 on an untrusted network.

Agentic Supply Chain Vulnerabilities

SeverityMediumConfidenceHighStatusConcern

metadata

Source: unknown; Homepage: none; No install spec — this is an instruction-only skill. File manifest: README.md, agent-scraper.js, package.json, skill.md

For a skill that instructs Docker image building and browser-agent execution, the provided artifacts lack a source/homepage, install spec, and the Dockerfile referenced by the documentation.

User impactThe advertised Docker environment and build process are not fully reviewable from the supplied artifacts, increasing the chance of broken setup or unreviewed code being added later.

RecommendationRequire a complete Dockerfile, lockfile, and install spec before installing; pin dependency versions and build only from reviewed artifacts.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityMediumConfidenceHighStatusConcern

agent-scraper.js

const userInstruction = process.argv[3]; ... console.log(`[-] 正在执行指令: "${augmentedInstruction}"`); ... await agentBrowser.execute(augmentedInstruction);

The code prints and forwards the full user instruction to the browser agent; the README examples show that such instructions may contain website usernames and passwords.

User impactIf you include real account credentials in the task text, they may appear in container logs and be passed into the agent-browser workflow.

RecommendationDo not put real credentials directly in prompts; use scoped test accounts, secure secret injection, and redact sensitive values from logs.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication

SeverityMediumConfidenceHighStatusNote

README.md

4. **视觉分析** - 截图发送给 LLM 分析

The workflow explicitly sends page screenshots to an LLM for analysis, which is expected for a vision scraper but can include private page content.

User impactScreenshots of pages, forms, account screens, or scraped data may be processed by an external model provider depending on the configured LLM.

RecommendationUse dedicated API keys, review the model provider’s data policy, and avoid running this on sensitive accounts or private pages unless that data sharing is acceptable.