ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Web Scraper Seller

v1.0.0

Build custom web scrapers for websites, offering single-page, multi-page, and real-time data extraction with CSV/JSON export and API delivery options.

0· 63·0 current·0 all-time
by@yongtaop1-sys
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description advertise building scrapers, CSV/JSON export, APIs, and scheduled updates, but the skill contains no code, no APIs, and no declared dependencies — only a price list and contact info. That mismatch means the skill does not actually implement the capabilities it claims.
Instruction Scope
SKILL.md is a sales pitch with no runtime instructions for performing scraping. It does not tell the agent to read files, access env vars, or call external services, but it does provide external contact channels (email, Telegram) that a user would be expected to use to transact. The lack of concrete operational instructions is ambiguous and could lead users to share data with the external seller.
Install Mechanism
No install spec and no code files are present (instruction-only). That minimizes direct execution/install risk since nothing will be written to disk by the skill itself.
Credentials
The skill declares no required environment variables, binaries, or credentials. There is no apparent request for secrets or unrelated credentials in the metadata or SKILL.md.
Persistence & Privilege
Skill is not always-enabled and uses default invocation settings. It does not request elevated privileges or modify other skills or system settings.
What to consider before installing
This appears to be a vendor advertisement, not a working scraper. Before installing or using it: (1) understand it contains no scraping code — the seller expects you to contact them via email/Telegram to complete work; (2) avoid sending sensitive data (credentials, proprietary datasets) to unknown third parties over email or messaging; (3) prefer skills that perform scraping locally or via well-known integrations and that disclose necessary permissions/credentials; (4) if you consider engaging the vendor, verify their identity and reputation independently and use safe payment/contracting practices.

Like a lobster shell, security has layers — review code before you run it.

latestvk9751mgnxe2ggv6g0xr9zgsbwd83egby

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments