Smart Scraper
v1.0.0
AI-powered web scraper with intelligent structure recognition. Extracts lists, articles, and tables from any website with automatic type detection.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the implementation: the code uses Playwright to load pages, auto-detect structure (list/article/table), and format outputs. Required binaries (node, npm) and the declared dependency on the Playwright package align with the scraper purpose. Minor oddity: SKILL.md install metadata lists only the 'playwright' package and marks a binary 'npx' — that doesn't fully reflect how the project is invoked (the CLI script uses 'tsx', which is listed only as a devDependency in package.json). This is an implementation/packaging mismatch but not evidence of malicious intent.
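To make the list/article/table auto-detection concrete, here is a minimal sketch of one way such a classifier could work. It is not taken from the skill's source: the PageStats shape, the detectPageType name, and every threshold are assumptions chosen for illustration, and the real implementation may use entirely different signals.

```typescript
// Hypothetical sketch: NOT the skill's actual detection logic.
type PageType = "table" | "list" | "article";

// Assumed summary of a loaded page; in practice these counts would be
// gathered inside the browser context (for example via page.evaluate).
interface PageStats {
  tableRows: number;      // rows in the largest <table> on the page
  repeatedItems: number;  // size of the largest group of similar sibling elements
  paragraphChars: number; // total characters of text inside <p> elements
}

// Assumed thresholds, picked only to make the example readable.
const MIN_TABLE_ROWS = 3;
const MIN_LIST_ITEMS = 5;
const MAX_LIST_PROSE_CHARS = 2000;

function detectPageType(stats: PageStats): PageType {
  // A table with several rows is the strongest structural signal.
  if (stats.tableRows >= MIN_TABLE_ROWS) return "table";
  // Many repeated siblings with little running prose suggests a listing page.
  if (
    stats.repeatedItems >= MIN_LIST_ITEMS &&
    stats.paragraphChars < MAX_LIST_PROSE_CHARS
  ) {
    return "list";
  }
  // Otherwise fall back to treating the page as an article.
  return "article";
}
```

Ordering the checks from most to least specific keeps the fallback safe: a page with no strong structure is treated as an article rather than misread as a list.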
Instruction Scope
SKILL.md and the CLI limit behavior to visiting the provided URL and extracting content; instructions do not reference unrelated local files, other credentials, or remote endpoints. The code takes full-page screenshots (screenshot Buffer produced) and executes page.evaluate in the page context — both expected for headless-browser scraping but they can capture sensitive page content if you point the tool at authenticated or internal URLs. The skill does not itself transmit data to third-party endpoints, but the captured screenshot and extracted data will be available to whoever runs the CLI or the agent invoking the skill.
Install Mechanism
Install spec uses the public npm package 'playwright', which is typical for this functionality. Installing Playwright will also pull browser binaries (Playwright's install actions) and other npm packages from the registry; that is standard but increases install size and network download surface. The install metadata is minimal (only 'playwright') while the project expects to run via 'npm run scrape' using 'tsx' — the install spec does not explicitly install 'tsx' or devDependencies; users should run a full 'npm install' in a safe environment. The npm registry usage is normal and traceable (not a raw URL download).
Credentials
The skill requests no environment variables or credentials, which is appropriate for a generic scraper. Note: scraping authenticated or internal sites would require supplying credentials or cookies externally; the skill itself does not request or store any secrets.
Persistence & Privilege
The skill does not request permanent 'always' presence, does not alter other skills' config, and contains no self-enabling behavior. It runs as a CLI-driven tool and uses Playwright only when invoked.
Assessment
This skill appears to be a legitimate Playwright-based web scraper. Before installing or running it:
- Expect a large download: Playwright will fetch browser binaries and many npm packages. Install on a machine or in a container where large downloads are acceptable.
- Run npm install (not just installing 'playwright' alone) so the 'tsx' script runner is available; the SKILL.md install metadata is incomplete compared to package.json.
- Be cautious about what URLs you scrape: the tool captures full-page screenshots and page text (including any sensitive information visible on the page). Do not point it at private/internal sites, pages behind SSO, or pages containing secrets unless you understand and control the environment.
- Review package-lock.json and verify dependencies come from the official npm registry (it appears so here). If you need higher assurance, run the install in an isolated sandbox and/or inspect network activity during install.
- If you plan to run this as an automated agent skill, consider limits and policies so it cannot be pointed at sensitive targets autonomously.
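One way to act on the cautions above about sensitive targets is a pre-flight check that rejects URLs before they reach the scraper. The sketch below is an assumption about how such a policy might look, not part of the skill: checkScrapeTarget, GuardResult, and the blocked-suffix list are hypothetical names and values, and the check does not resolve DNS, so a public hostname that points at a private address would still pass.

```typescript
// Hypothetical pre-flight guard: not part of the Smart Scraper source.
type GuardResult = { allowed: boolean; reason: string };

// Assumed policy: hostname suffixes commonly used for internal services.
const BLOCKED_SUFFIXES = [".internal", ".local", ".localhost"];

function parseUrl(raw: string): URL | null {
  try {
    return new URL(raw);
  } catch (_err) {
    return null; // new URL throws on malformed input
  }
}

// True for loopback, RFC 1918 private ranges, and link-local IPv4 addresses.
function isPrivateIPv4(host: string): boolean {
  const m = host.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
  if (!m) return false;
  const a = Number(m[1]);
  const b = Number(m[2]);
  return (
    a === 10 ||
    a === 127 ||
    (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168) ||
    (a === 169 && b === 254)
  );
}

function checkScrapeTarget(rawUrl: string): GuardResult {
  const url = parseUrl(rawUrl);
  if (url === null) return { allowed: false, reason: "not a valid URL" };
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { allowed: false, reason: "unsupported protocol " + url.protocol };
  }
  if (url.username !== "" || url.password !== "") {
    return { allowed: false, reason: "URL embeds credentials" };
  }
  const host = url.hostname.toLowerCase();
  if (host === "localhost" || host === "[::1]" || isPrivateIPv4(host)) {
    return { allowed: false, reason: "loopback or private address" };
  }
  if (BLOCKED_SUFFIXES.some((suffix) => host.endsWith(suffix))) {
    return { allowed: false, reason: "internal hostname suffix" };
  }
  return { allowed: true, reason: "ok" };
}
```

An agent wrapper could call checkScrapeTarget on each requested URL and refuse to invoke the CLI when allowed is false. An allowlist of approved domains would be stricter than this denylist and may suit automated use better.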
If you want, I can: (1) point out the exact commands to run to install and run it safely in a container, or (2) highlight the few packaging mismatches (e.g., 'tsx' usage vs. install metadata) and propose a corrected install spec.
Like a lobster shell, security has layers: review code before you run it.
latestvk976twt84r8f4aegr47bjga81n835mcv
Runtime requirements
🕷️ Clawdis
Bins: node, npm
Install
Node
Bins: npx
npm i -g playwright