ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Scrapling

v1.0.8

Adaptive web scraping framework with anti-bot bypass and spider crawling.

3· 2.7k·86 current·90 all-time
byohnednez@zendenho7
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name, description, SKILL.md examples, and the included run.sh all align: this is a Python-based web scraping/crawling skill that expects python3 and uses the 'scrapling' Python package. Requests for browser automation (playwright) and optional cloudscraper are coherent with an anti-bot/stealth scraping feature set.
Instruction Scope
SKILL.md instructs the agent to run library calls and CLI commands to fetch and crawl pages; it does not instruct reading unrelated local files or exfiltrating data to hidden endpoints. However, it explicitly documents anti-bot/Cloudflare bypass and adaptive reverse-engineering techniques — powerful capabilities that are within scraping scope but can be used to evade protections.
Install Mechanism
This is instruction-only (no packaged install spec), but run.sh will call pip to install 'scrapling' and extras and suggests running 'playwright install'. Installation pulls code from PyPI/GitHub as documented rather than arbitrary download URLs, which is expected but means runtime will install third-party packages into the environment.
Credentials
The skill declares only python3 as a required binary and requests no environment variables or credentials. The SKILL.md notes that credentials are required for login-protected sites, which is appropriate and not requested automatically by the skill.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide agent settings. It runs on-demand and/or via included run.sh; normal autonomous invocation is allowed by default but not exceptional here.
Assessment
This skill appears to be what it says — a Python web-scraper that can use stealth/browser automation and install extras via pip. Before installing or running it: 1) verify the upstream project (the SKILL.md references a GitHub repo and docs) and confirm the package on PyPI is the expected project/version; 2) install in an isolated environment (virtualenv/container) because pip will install third-party packages and browsers (Playwright); 3) be aware the tool includes anti-bot and Cloudflare-bypass techniques — such features can violate websites' terms of service or laws in some jurisdictions, so only use against sites you are authorized to scrape; 4) avoid feeding sensitive credentials into scripts unless you control the target and understand the risks; and 5) if you need higher assurance, request a provenance/source check or package hashes from the skill author before use.

Like a lobster shell, security has layers — review code before you run it.

crawlingvk97374wc5rxhe82s5bh2gm8hxn81r8nslatestvk97ahcmbttd252pwm2gmhvqb7981vkgaresearchvk97374wc5rxhe82s5bh2gm8hxn81r8nsweb-scrapingvk97374wc5rxhe82s5bh2gm8hxn81r8ns

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🕷️ Clawdis
Binspython3

Comments