Data Spider
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: data-spider Version: 1.1.0 The 'data-spider' skill is a standard API wrapper for a web scraping service hosted at aiprox.dev. It requires the AIPROX_SPEND_TOKEN environment variable for authentication, which is explicitly declared in the SKILL.md security manifest. The instructions and examples provided are consistent with the stated purpose of extracting structured data from URLs, and no malicious behaviors, obfuscation, or prompt-injection attacks were identified.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone with access to the token may be able to use the paid service and potentially incur charges.
The skill requires reading a spend/authentication token to call the paid AIProx API. This is disclosed and purpose-aligned, but it is still credential-like authority.
| Env Read | AIPROX_SPEND_TOKEN | Authentication for paid API |
Use a limited or revocable spend token, keep it out of shared chats and files, monitor usage, and rotate it if exposed.
URLs, schemas, tasks, and webpage content may be visible to the external service providers involved in the extraction workflow.
The skill sends the user’s URL, extraction request, and resulting webpage analysis through external orchestration/model services. This is central to the stated purpose, but it crosses a data boundary.
AIProx routes to the data-spider agent ... Analysis is performed by Claude via LightningProx.
Use it only with webpages and extraction requests you are comfortable sending to AIProx and its model provider, and review the provider’s privacy and retention terms for sensitive use cases.