Web Scraper
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a straightforward web-scraping helper, but users should notice that it automates a browser against arbitrary websites and has some under-declared setup/packaging details.
Before installing, confirm you are comfortable with a tool that automates a browser to scrape user-chosen websites and writes results to local files. Make sure agent-browser is installed from a trusted source, avoid bypassing site restrictions without permission, and verify that any missing documented scripts are not required for your workflow.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can automate visits and data extraction from websites, which may create terms-of-service, rate-limit, or privacy issues if used carelessly.
The skill intentionally gives the agent broad browser-automation capability over user-supplied websites. That fits the scraper purpose, but users should control targets, page counts, and compliance with site rules.
Extract structured data from any website with support for JavaScript-rendered content, pagination, and complex selectors.
Use only on sites where scraping is permitted, keep page counts and delays reasonable, and review the target URL and extracted fields before running.
Following this advice could increase legal or account-risk exposure if used to bypass a website's access controls or anti-bot policies.
The documentation includes anti-scraping countermeasure advice. It is disclosed and not implemented as hidden code, but it could encourage use against sites that are trying to limit automated access.
| IP blocking | Use proxies, rotate IPs |
Prefer permission-based scraping and do not use proxy rotation, CAPTCHA services, or similar measures to bypass restrictions without clear authorization.
The skill may fail or use whatever local agent-browser binary is available, which affects reliability and provenance expectations.
The script depends on a local agent-browser executable, while the registry requirements declare no required binaries. The dependency is purpose-aligned and mentioned in the README, but it is under-declared in metadata.
cmd = ["agent-browser"] + args
Declare agent-browser as a required binary and document the expected version or installation source.
Some advertised workflows may not work as documented, or users may look for missing code outside the reviewed artifact set.
The documentation references scraper scripts that are not present in the supplied file manifest, which is a packaging/documentation mismatch rather than evidence of malicious behavior.
### scrape_infinite_scroll.py Scrape pages with infinite scroll loading. ... ### scrape_dynamic.py
Package the referenced scripts or remove/update those sections so users do not rely on unreviewed or absent helpers.