ClawHub

XCrawl Scrape

v1.0.2

Use this skill for XCrawl scrape tasks, including single-URL fetch, format selection, sync or async execution, and JSON extraction with prompt or json_schema.

0· 1.3k·9 current·10 all-time
by@wykings

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for wykings/xcrawl-scrape.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "XCrawl Scrape" (wykings/xcrawl-scrape) from ClawHub.
Skill page: https://clawhub.ai/wykings/xcrawl-scrape
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install xcrawl-scrape

ClawHub CLI

Package manager switcher

npx clawhub@latest install xcrawl-scrape
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (XCrawl scraping: single-URL fetch, sync/async, JSON extraction) aligns with the actual instructions which call https://run.xcrawl.com/v1/scrape. The declared tool dependencies (curl or node) and the local config file (~/.xcrawl/config.json) are coherent for an API-key based client.
Instruction Scope
SKILL.md instructs only to read the local config file for XCRAWL_API_KEY, then make HTTP requests to the XCrawl API using curl or node. It does not instruct reading other user files, scanning the system, or transmitting unrelated data. The webhook feature exists as part of the API (user-specified callback URL) — expected for async scrape workflows but a user-controlled sink.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing is downloaded or written by an installer. That minimizes install-time risk.
Credentials
No global environment variables or external credentials are requested. The skill requires a single locally stored API key (~/.xcrawl/config.json), which is proportionate to calling a paid scraping API. Note: storing an API key as plaintext in a home directory is sensitive but is a user configuration choice rather than a requirement of the skill.
Persistence & Privilege
The skill does not request always:true and is user-invocable only. It does request runtime execution permissions for curl/node (consistent with examples). There is no instruction to modify other skills or system-wide agent settings.
Assessment
This skill is internally consistent with a client for the XCrawl scraping API. Before installing: (1) Confirm you trust xcrawl.com and your API key issuer; (2) Consider storing your API key in a secure secret manager rather than an unencrypted ~/.xcrawl/config.json file; (3) Be cautious with webhook URLs you supply — they will receive scraped content; (4) Review any use of skip_tls_verification or proxies in request options (these lower network security); (5) Remember this skill runs curl/node commands at runtime (so the agent will need those tools available). If any of the above is unacceptable, don't install or ask the publisher for alternative auth/storage methods.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Any bincurl, node
latestvk972nv6mmzbkxg5tatt2mxcwax82r83k
1.3kdownloads
0stars
3versions
Updated 1mo ago
v1.0.2
MIT-0
@wykings
latest
Download

XCrawl Scrape

Overview

This skill handles single-page extraction with XCrawl Scrape APIs. Default behavior is raw passthrough: return upstream API response bodies as-is.

Required Local Config

Before using this skill, the user must create a local config file and write XCRAWL_API_KEY into it.

Path: ~/.xcrawl/config.json

{
  "XCRAWL_API_KEY": "<your_api_key>"
}

Read API key from local config file only. Do not require global environment variables.

Credits and Account Setup

Using XCrawl APIs consumes credits. If the user does not have an account or available credits, guide them to register at https://dash.xcrawl.com/. After registration, they can activate the free 1000 credits plan before running requests.

Tool Permission Policy

Request runtime permissions for curl and node only. Do not request Python, shell helper scripts, or other runtime permissions.

API Surface

  • Start scrape: POST /v1/scrape
  • Read async result: GET /v1/scrape/{scrape_id}
  • Base URL: https://run.xcrawl.com
  • Required header: Authorization: Bearer <XCRAWL_API_KEY>

Usage Examples

cURL (sync)

API_KEY="$(node -e "const fs=require('fs');const p=process.env.HOME+'/.xcrawl/config.json';const k=JSON.parse(fs.readFileSync(p,'utf8')).XCRAWL_API_KEY||'';process.stdout.write(k)")"

curl -sS -X POST "https://run.xcrawl.com/v1/scrape" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer ${API_KEY}" \
  -d '{"url":"https://example.com","mode":"sync","output":{"formats":["markdown","links"]}}'

cURL (async create + result)

API_KEY="$(node -e "const fs=require('fs');const p=process.env.HOME+'/.xcrawl/config.json';const k=JSON.parse(fs.readFileSync(p,'utf8')).XCRAWL_API_KEY||'';process.stdout.write(k)")"

CREATE_RESP="$(curl -sS -X POST "https://run.xcrawl.com/v1/scrape" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer ${API_KEY}" \
  -d '{"url":"https://example.com/product/1","mode":"async","output":{"formats":["json"]},"json":{"prompt":"Extract title and price."}}')"

echo "$CREATE_RESP"

SCRAPE_ID="$(node -e 'const s=process.argv[1];const j=JSON.parse(s);process.stdout.write(j.scrape_id||"")' "$CREATE_RESP")"

curl -sS -X GET "https://run.xcrawl.com/v1/scrape/${SCRAPE_ID}" \
  -H "Authorization: Bearer ${API_KEY}"

Node

node -e '
const fs=require("fs");
const apiKey=JSON.parse(fs.readFileSync(process.env.HOME+"/.xcrawl/config.json","utf8")).XCRAWL_API_KEY;
const body={url:"https://example.com",mode:"sync",output:{formats:["markdown","json"]},json:{prompt:"Extract title and publish date."}};
fetch("https://run.xcrawl.com/v1/scrape",{
  method:"POST",
  headers:{"Content-Type":"application/json",Authorization:`Bearer ${apiKey}`},
  body:JSON.stringify(body)
}).then(async r=>{console.log(await r.text());});
'

Request Parameters

Request endpoint and headers

  • Endpoint: POST https://run.xcrawl.com/v1/scrape
  • Headers:
  • Content-Type: application/json
  • Authorization: Bearer <api_key>

Request body: top-level fields

FieldTypeRequiredDefaultDescription
urlstringYes-Target URL
modestringNosyncsync or async
proxyobjectNo-Proxy config
requestobjectNo-Request config
js_renderobjectNo-JS rendering config
outputobjectNo-Output config
webhookobjectNo-Async webhook config (mode=async)

proxy

FieldTypeRequiredDefaultDescription
locationstringNoUSISO-3166-1 alpha-2 country code, e.g. US / JP / SG
sticky_sessionstringNoAuto-generatedSticky session ID; same ID attempts to reuse exit

request

FieldTypeRequiredDefaultDescription
localestringNoen-US,en;q=0.9Affects Accept-Language
devicestringNodesktopdesktop / mobile; affects UA and viewport
cookiesobject mapNo-Cookie key/value pairs
headersobject mapNo-Header key/value pairs
only_main_contentbooleanNotrueReturn main content only
block_adsbooleanNotrueAttempt to block ad resources
skip_tls_verificationbooleanNotrueSkip TLS verification

js_render

FieldTypeRequiredDefaultDescription
enabledbooleanNotrueEnable browser rendering
wait_untilstringNoloadload / domcontentloaded / networkidle
viewport.widthintegerNo-Viewport width (desktop 1920, mobile 402)
viewport.heightintegerNo-Viewport height (desktop 1080, mobile 874)

output

FieldTypeRequiredDefaultDescription
formatsstring[]No["markdown"]Output formats
screenshotstringNoviewportfull_page / viewport (only if formats includes screenshot)
json.promptstringNo-Extraction prompt
json.json_schemaobjectNo-JSON Schema

output.formats enum:

  • html
  • raw_html
  • markdown
  • links
  • summary
  • screenshot
  • json

webhook

FieldTypeRequiredDefaultDescription
urlstringNo-Callback URL
headersobject mapNo-Custom callback headers
eventsstring[]No["started","completed","failed"]Events: started / completed / failed

Response Parameters

Sync create response (mode=sync)

FieldTypeDescription
scrape_idstringTask ID
endpointstringAlways scrape
versionstringVersion
statusstringcompleted / failed
urlstringTarget URL
dataobjectResult data
started_atstringStart time (ISO 8601)
ended_atstringEnd time (ISO 8601)
total_credits_usedintegerTotal credits used

data fields (based on output.formats):

  • html, raw_html, markdown, links, summary, screenshot, json
  • metadata (page metadata)
  • traffic_bytes
  • credits_used
  • credits_detail

credits_detail fields:

FieldTypeDescription
base_costintegerBase scrape cost
traffic_costintegerTraffic cost
json_extract_costintegerJSON extraction cost

Async create response (mode=async)

FieldTypeDescription
scrape_idstringTask ID
endpointstringAlways scrape
versionstringVersion
statusstringAlways pending

Async result response (GET /v1/scrape/{scrape_id})

FieldTypeDescription
scrape_idstringTask ID
endpointstringAlways scrape
versionstringVersion
statusstringpending / crawling / completed / failed
urlstringTarget URL
dataobjectSame shape as sync data
started_atstringStart time (ISO 8601)
ended_atstringEnd time (ISO 8601)

Workflow

  1. Restate the user goal as an extraction contract.
  • URL scope, required fields, accepted nulls, and precision expectations.
  1. Build the scrape request body.
  • Keep only necessary options.
  • Prefer explicit output.formats.
  1. Execute scrape and capture task metadata.
  • Track scrape_id, status, and timestamps.
  • If async, poll until completed or failed.
  1. Return raw API responses directly.
  • Do not synthesize or compress fields by default.

Output Contract

Return:

  • Endpoint(s) used and mode (sync or async)
  • request_payload used for the request
  • Raw response body from each API call
  • Error details when request fails

Do not generate summaries unless the user explicitly requests a summary.

Guardrails

  • Do not invent unsupported output fields.
  • Do not hardcode provider-specific tool schemas in core logic.
  • Call out uncertainty when page structure is unstable.

Comments

Loading comments...