Back to skill
Skillv0.1.0
ClawScan security
Website Scraper Pro · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 10, 2026, 3:46 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code, instructions, and requirements are coherent with its stated purpose (single-page, JS-aware scraping) and do not request unrelated credentials or system access.
- Guidance
- This skill appears to do what it says: run a local Crawl4AI scraper for a single URL. Before installing or running it, check that the 'uv' binary on your system is the trusted tool you expect (it will execute the inline script block and install Python packages), and confirm you are comfortable having the 'crawl4ai' package and (optionally) Playwright download browser binaries (chromium) at runtime. Avoid scraping sensitive internal URLs. If you need stricter control, review the included Python files locally and run the script in an isolated environment before granting it broader agent access.
Review Dimensions
- Purpose & Capability
- okName/description, CLI flags, required binary 'uv', and included Python code all align: the skill runs a local Crawl4AI-based scraper for a single URL. No unexpected credentials, system paths, or unrelated binaries are requested.
- Instruction Scope
- okSKILL.md instructs running the bundled script via 'uv run'. The code fetches only the target URL, processes page HTML into markdown/JSON, and normalizes links. It does not read arbitrary host files or environment variables, nor does it post scraped data to external endpoints. It does suppress crawler stdout/stderr and handles browser-setup errors as expected.
- Install Mechanism
- noteRegistry has no install spec, but main.py contains an inline script header that 'uv run' will use to install the 'crawl4ai' dependency into an isolated environment. This is coherent for a bundled script, but it means network package installation will occur at runtime — verify you trust the package source and the 'uv' tool that performs the install.
- Credentials
- okNo environment variables, credentials, or config paths are requested. The tool asks only for a URL and optional flags, which is proportionate to its function.
- Persistence & Privilege
- okThe skill is not always-enabled and does not request elevated or persistent system privileges or modify other skills' configurations. Autonomous invocation by the agent is allowed (default) and consistent with normal skill behavior.