← Back to Skills Marketplace

Website Pickpocket

Name: Website Pickpocket
Author: zhenyangze

by zhenyangze · GitHub ↗ · v0.1.0 · MIT-0

cross-platform ⚠ suspicious

347

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install website-pickpocket-skill

Description

网站扒手 - 完美复刻任意网站的工具。支持静态/动态页面抓取、资源下载、多框架输出（原生HTML/React/Vue/Angular）。触发场景：(1) 抓取网站生成静态副本 (2) 将网站转换为React/Vue项目 (3) 离线浏览网站 (4) 网站备份迁移

Usage Guidance

This SKILL.md describes a powerful website-cloning tool but is only documentation — it provides no code, binaries, or trusted homepage. Before installing or running anything based on it: (1) verify the upstream project and install from an official release (the skill provides no install/source); (2) do not paste real session cookies, passwords, or secrets into configs unless you fully trust the code and install environment; (3) be aware of legal and terms-of-service issues when cloning sites and of rate limits/reputational risk; (4) expect to install heavy dependencies (Playwright and browser binaries, image libs) and ensure they come from trusted package sources; (5) if you want the agent to run this automatically, prefer a vetted packaged implementation rather than following these instructions verbatim. Because provenance is missing and required installs are non-trivial, treat this skill with caution.

Capability Analysis

Type: OpenClaw Skill Name: website-pickpocket-skill Version: 0.1.0 The 'website-pickpocket' skill (SKILL.md) describes a tool designed to 'perfectly replicate' any website into local projects or frameworks like React and Vue. While its stated purpose includes backup and migration, the tool's name and features—such as session/cookie cloning, anti-bot bypass, and deep recursive crawling—are high-risk capabilities frequently used for phishing and intellectual property theft. There is no explicit evidence of the tool attacking the host environment or exfiltrating user secrets, but its core functionality is highly conducive to malicious use.

Capability Assessment

ℹ Purpose & Capability

The SKILL.md consistently describes a website-cloning tool (static/dynamic scraping, framework outputs). However, the documented capabilities depend on significant third-party components (Playwright, Cheerio, Sharp, etc.) and browser binaries; the skill does not declare required binaries, environment variables, or provide an install mechanism. That omission is common for instruction-only skills but is a material mismatch between capability and what's provided.

ℹ Instruction Scope

Instructions are concrete (CLI flags, config file schema, workflow) and stay within the stated purpose. They do reference handling login/session data (cookies, localStorage), custom wait selectors, proxies, and user-agent spoofing — all expected for a scraper but also capable of accessing or transmitting sensitive session information if users supply it. The SKILL.md does not instruct the agent to access arbitrary system files or hidden credentials, but it does rely on user-provided session data.

⚠ Install Mechanism

No install spec is provided (instruction-only). Given the listed tech stack (Playwright requires browser installs; Sharp may need native libs), running the described tool would require installing multiple packages and browser binaries. The absence of guidance or a trustworthy upstream source/homepage increases risk: the agent/user might be asked to run or fetch unknown binaries to realize functionality.

ℹ Credentials

The skill requests no environment variables or credentials in metadata, which is proportional. However, the runtime docs encourage supplying session cookies/localStorage values in config. Those are sensitive and should only be supplied deliberately; the skill does not explain secure handling or storage of those values.

✓ Persistence & Privilege

The skill is not forced-always and does not request persistent privileges. It is user-invocable and can be invoked autonomously by the agent (default behavior), but there is no additional persistent system presence requested.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install website-pickpocket-skill
After installation, invoke the skill by name or use /website-pickpocket-skill
Provide required inputs per the skill's parameter spec and get structured output

Version History

v0.1.0

website-pickpocket-skill 0.1.0 – Initial Release - New tool for cloning any website, supporting both static and dynamic page scraping. - Outputs site replicas in multiple frameworks: native HTML, React, Vue, Angular, Svelte, with resource localization. - Command-line and interactive modes for flexible usage. - Advanced configuration options: crawl depth, concurrency, resource types, image optimization, login/session preservation, and URL filtering. - Automatic code generation for popular frameworks, with project structures matching React/Vue/Angular/Svelte conventions. - Includes troubleshooting, workflows, and template configuration files for rapid start.

Metadata

Slug website-pickpocket-skill

Version 0.1.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Website Pickpocket?

网站扒手 - 完美复刻任意网站的工具。支持静态/动态页面抓取、资源下载、多框架输出（原生HTML/React/Vue/Angular）。触发场景：(1) 抓取网站生成静态副本 (2) 将网站转换为React/Vue项目 (3) 离线浏览网站 (4) 网站备份迁移. It is an AI Agent Skill for Claude Code / OpenClaw, with 347 downloads so far.

How do I install Website Pickpocket?

Run "/install website-pickpocket-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Website Pickpocket free?

Yes, Website Pickpocket is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Website Pickpocket support?

Website Pickpocket is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Website Pickpocket?

It is built and maintained by zhenyangze (@zhenyangze); the current version is v0.1.0.

More Skills