Price Monitor
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill appears to do what it says—monitor prices with browser automation and local CSV logging—but users should review the target list, scheduling, logging, and undeclared agent-browser dependency before use.
Before installing, confirm you trust the included script and your `agent-browser` installation, use only product lists you intend to monitor, respect website access rules, and keep the generated history CSV private if it reveals personal or business interests.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A bad or overly broad product list could make the agent browse unintended sites or collect unintended page text.
The script drives browser automation against URLs and selectors loaded from the product CSV. This is central to the stated monitoring purpose, but the CSV controls where the browser goes and what page text is captured.
run_agent_browser(["open", url]) ... run_agent_browser(["get", "text", selector])
Use trusted product CSV files, restrict them to sites you are allowed to monitor, and consider allowlists or stronger rate limiting for routine runs.
Using proxy or user-agent rotation to bypass blocking can violate site rules or create abuse-risk for monitored websites.
The documentation suggests workarounds when a site blocks automation. This is not implemented automatically in the script, but it is guidance users should treat carefully.
Blocked by site: Add delays, rotate user agents, or use residential proxy
Prefer official APIs, respect robots.txt and site terms, and avoid bypassing explicit access controls or anti-bot restrictions.
The skill may fail or use whichever `agent-browser` executable is available in the environment.
The provided script invokes `agent-browser`, so the runtime dependency is not fully reflected in the install metadata. The dependency is visible in the docs and code, so this is a transparency/setup note rather than hidden behavior.
No install spec — this is an instruction-only skill. Required binaries (all must exist): none
Verify that `agent-browser` is installed from a trusted source and consider declaring it explicitly in the skill metadata.
The history file can reveal shopping, business, or competitor-monitoring interests, and it stores text obtained from external webpages.
The script persists monitored product names, URLs, extracted price text, timestamps, and status to a local CSV history file that is later loaded for comparisons.
fieldnames = ['timestamp', 'name', 'url', 'price', 'status'] ... writer.writerow(result)
Keep history files in an appropriate private location, avoid sharing them unintentionally, and treat logged webpage text as untrusted data if opening or processing the CSV elsewhere.
A scheduled job would keep browsing configured product pages and writing history until the user disables it.
The documentation shows a user-directed cron schedule for recurring checks. This is expected for monitoring, but it is persistent activity if the user installs it.
0 9 * * * cd /path/to/skill && python scripts/monitor_prices.py products.csv
Only add the cron job if ongoing monitoring is desired, and document or remove the schedule when it is no longer needed.