ClawHub

FlowCrawl — Stealth Web Scraper That Bypasses Everything

Security checks across malware telemetry and agentic risk

Overview

FlowCrawl is an openly disclosed stealth web scraper, but it is framed and implemented to bypass bot protections on arbitrary sites without clear authorization controls.

Install only for authorized scraping or defensive testing of sites you have permission to access. Review the Scrapling/Playwright dependency, avoid using it to bypass third-party protections without consent, use conservative crawl limits and output paths, and be aware that the alias changes your shell startup file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README explicitly promotes stealth scraping, browser-mimicking requests, and deep crawling while downplaying the fact that the tool sends deceptive traffic to third-party sites and can persist scraped content locally at scale. In an agent skill context, insufficient disclosure of these behaviors increases the risk of unauthorized collection, terms-of-service violations, and unintended data retention by users who may invoke the skill as if it were a normal fetch utility.

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
The README markets the skill as able to scrape 'any site' and bypass Cloudflare, bot detection, and WAFs, which is effectively guidance for evading access controls rather than ordinary web retrieval. Because this is an agent-integrated skill, such framing materially increases misuse risk by encouraging users to target protected sites without clear authorization checks, policy guardrails, or opt-in restrictions.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The description is extremely broad and high-risk: it says to use the skill for scraping any website and bypassing bot protection, Cloudflare, and WAFs automatically. That makes it likely to be invoked for routine browsing or extraction tasks where a safer tool would suffice, while normalizing defensive-control evasion as a default capability.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The top-level text 'Scrape any website. Bypass any bot protection. Free.' is not just broad; it explicitly promotes evasion of access controls and bot-detection mechanisms. In this context, the skill is more dangerous because its stated purpose centers on defeating protective systems rather than ordinary, compliant web retrieval.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill instructs users to append an alias into ~/.zshrc without warning that this modifies persistent shell configuration. Persistent environment changes can surprise users, interfere with existing setups, and normalize shell-writing behavior without informed consent.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
This code explicitly escalates from plain HTTP to stealth and full browser-based fetching to bypass Cloudflare, bot detection, and WAF controls, but provides no meaningful warning, consent gate, or restriction on use. In the context of a 'stealth web scraper' marketed for bypassing protections, the absence of user warning is not just a UX issue; it enables covert access attempts against protected sites and execution of dynamic browser fetches that may trigger legal, policy, or security consequences.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The deep-crawl path persists scraped page contents to local storage without an explicit warning about file creation, retention, or the possibility of storing sensitive or copyrighted data gathered from the target site. Given this tool's purpose of bypassing protections and spidering entire sites, silent bulk persistence increases the risk of unintentionally retaining sensitive information on disk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal