← Back to Skills Marketplace
Kekik Crawler
by
Ömer Faruk Sancak
· GitHub ↗
· v0.1.0-rc1
726
Downloads
0
Stars
4
Active Installs
1
Versions
Install in OpenClaw
/install kekik-crawler
Description
Scrapling-only, deterministic web crawler with clean SRP architecture, presets, checkpointing, and JSONL/report outputs.
README (SKILL.md)
Kekik Crawler
Scrapling tabanlı, browser'sız crawler.
Quick Start
pip install -r requirements.txt
python main.py --urls https://example.org
Presets
python main.py --queries "Ömer Faruk Sancak" keyiflerolsun --preset person-research --out outputs/person.jsonl --report outputs/person-report.json
python main.py --queries "Ömer Faruk Sancak" keyiflerolsun --preset deep-research --out outputs/deep.jsonl --report outputs/deep-report.json
Notes
- Output files are under
outputs/ - Main entrypoint:
main.py - Orchestration:
core/crawl_runner.py
Usage Guidance
This package appears to be a straightforward local crawler, but review a few things before running: 1) Presets (person-research, deep-research) set no_robots=True — they will ignore robots.txt; only use that for acceptable targets. 2) The plugin system loads and executes Python files from the plugins directory — inspect any plugins you use (and do not point plugin_dir at an untrusted path). 3) The runtime will fetch pages and write outputs/cache/checkpoint files under outputs/; run in an isolated directory or container if you want to limit side effects. 4) The instructions require pip installing dependencies from PyPI (notably scrapling); verify package versions and provenance. If you want lower risk, run the tests (pytest) and review the included plugins and requirements before executing the crawler against external or internal networks.
Capability Analysis
Type: OpenClaw Skill
Name: kekik-crawler
Version: 0.1.0-rc1
The skill is a web crawler that performs legitimate web fetching and local file storage. However, it is classified as 'suspicious' due to a significant Remote Code Execution (RCE) vulnerability. The `core/plugin_manager.py` module dynamically loads Python files from a user-specified `plugin_dir` (via `importlib.util.spec_from_file_location` and `spec.loader.exec_module`). While the default `plugin_dir` is 'plugins/' within the skill bundle, an attacker who can control the `--plugins` argument in `main.py` could point it to an arbitrary directory containing malicious Python code, leading to arbitrary code execution. There is no evidence of intentional malicious behavior such as data exfiltration, persistence, or prompt injection against the agent in the provided code or documentation.
Capability Assessment
Purpose & Capability
The code implements a scrapling-based crawler and matches the name/description: crawl orchestration, fetcher, plugins, checkpointing, JSONL outputs and a report. No unrelated env vars, binaries, or external services are requested.
Instruction Scope
SKILL.md instructs pip install -r requirements.txt and running main.py which will fetch arbitrary web pages, write outputs/cache/checkpoint files, and load plugins from a plugin directory. The runtime can fetch robots.txt and search engine pages (DuckDuckGo/Bing/Yahoo/Brave). Plugin loading uses importlib.exec_module (executing plugin code) — expected for a plugin system, but worth reviewing.
Install Mechanism
No registry install spec is provided; the README/SKILL.md asks to pip install requirements.txt (selectolax, tenacity, orjson, scrapling). Installing from PyPI is normal but carries the usual supply-chain risk (verify packages/versions). There are no downloads from arbitrary URLs or archives in the manifest.
Credentials
The skill declares no required environment variables or credentials, which is proportionate for a web crawler. It writes local files (outputs/, SQLite cache) and does not request unrelated secrets.
Persistence & Privilege
always:false and no modifications to other skills or system-wide configs. The skill stores checkpoints, cache, and reports under outputs/ (normal). Note: presets intentionally set no_robots=True for research presets, which increases crawling aggressiveness but is an operational choice rather than a permission request.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install kekik-crawler - After installation, invoke the skill by name or use
/kekik-crawler - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0-rc1
First release candidate: Scrapling-only deterministic crawler with SRP architecture, presets, tests, and reporting.
Metadata
Frequently Asked Questions
What is Kekik Crawler?
Scrapling-only, deterministic web crawler with clean SRP architecture, presets, checkpointing, and JSONL/report outputs. It is an AI Agent Skill for Claude Code / OpenClaw, with 726 downloads so far.
How do I install Kekik Crawler?
Run "/install kekik-crawler" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Kekik Crawler free?
Yes, Kekik Crawler is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Kekik Crawler support?
Kekik Crawler is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Kekik Crawler?
It is built and maintained by Ömer Faruk Sancak (@keyiflerolsun); the current version is v0.1.0-rc1.
More Skills