Firecrawl Scrape Cn
v1.0.0从任意 URL 提取干净的 Markdown 内容,包括 JS 渲染的 SPA。当用户提供 URL 并想要其内容、说"抓取"、"抓网页"、"获取页面"、"从 URL 提取"或"读取网页"时使用此 Skill。支持 JS 渲染页面、多个并发 URL,返回 LLM 优化的 Markdown。
⭐ 0· 570·1 current·3 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description describe scraping arbitrary URLs (including JS-rendered SPA) into Markdown. The SKILL.md only asks the agent to invoke a 'firecrawl' CLI (or 'npx firecrawl'), save outputs to .firecrawl/, and optionally query results — these are appropriate for the stated purpose.
Instruction Scope
Runtime instructions are limited to running the firecrawl CLI with flags, writing output files (e.g., .firecrawl/page.md), and optionally asking a query. The docs do not instruct the agent to read unrelated system files, environment variables, or exfiltrate agent state. They advise quoting URLs and using grep/head, which is expected.
Install Mechanism
There is no install spec (instruction-only), which is low-risk, but the SKILL.md and allowed-tools explicitly reference 'npx firecrawl'. Using npx will fetch and execute a package from the npm registry at runtime — a legitimate delivery method for CLI tools but a moderate risk if the package/source is not verified. The skill does not declare an authoritative package source or checksum.
Credentials
The skill requests no environment variables, no credentials, and no config paths. This is proportionate for a web-scraping CLI that operates against arbitrary URLs provided by the user.
Persistence & Privilege
always:false and normal agent invocation; the skill writes its own output files under .firecrawl/ which is reasonable. It does not request permanent system-wide presence or modify other skills' configs.
Assessment
This skill is coherent for scraping web pages into Markdown, but before installing or invoking it: (1) Prefer a vetted binary — if you must use 'npx firecrawl', understand npx will download and run code from the npm registry at runtime; only run it if you trust the package and maintainer. (2) Consider pre-installing the firecrawl CLI from a trusted release (and verify signatures/checksums) instead of using npx. (3) Scraped content will be written to .firecrawl/ in the agent environment — review filesystem permissions and sensitive data that might be captured. (4) Be mindful of legal and robots.txt/crawling rules for target sites and avoid providing credentials to the scraper unless necessary. (5) If you need higher assurance, request the skill source or an install spec pointing to an official release host (GitHub release or package registry info) before enabling.Like a lobster shell, security has layers — review code before you run it.
chinesevk977n3jwvrke6rgtvgw004j80n83hajjlatestvk977n3jwvrke6rgtvgw004j80n83hajjweb-scrapingvk977n3jwvrke6rgtvgw004j80n83hajj
License
MIT-0
Free to use, modify, and redistribute. No attribution required.