← Back to Skills Marketplace
Traktor Web Scraper
by
dorukardahan
· GitHub ↗
· v1.0.0
650
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install traktor
Description
Extract all assets and content from websites including images, SVGs, fonts, videos, and page structure. Parallel agents with thorough scraping coverage. Trig...
Usage Guidance
This skill appears to be a high-coverage web scraper and is coherent with that purpose, but it has operational risks you should consider before installing:
- Sanitize input: The SKILL.md substitutes a derived {site-name} directly into mkdir bash commands. A specially crafted URL could lead to unsafe directory names or path/command injection. Only run this against sanitized or trusted inputs, or ensure the implementation safely escapes filenames.
- Resource and scope control: The skill spawns background Task subagents and promises 'paranoid' thoroughness. That can create many concurrent crawlers, consume large bandwidth/storage, and potentially overload systems or your agent environment. Limit the number of parallel jobs and set clear depth/size limits before running.
- Data sensitivity: The scraper runs JavaScript in page context and will download whatever assets it finds. Do not run it against authenticated/private dashboards or sites with sensitive data you do not own — it can capture private content and credentials present in pages.
- Browser-extension dependency: It requires the claude-in-chrome MCP server (a browser extension) to function. Installing or enabling that extension is a separate trust decision because it gives the extension access to pages visited during scraping.
- Test in a sandbox: Before using on real targets, run the skill in a controlled environment with harmless test sites to confirm behavior (what it downloads, how it names files, and how many background agents it spawns).
If you want to proceed, ask the skill author (or the platform integrator) to: (1) explicitly document and enforce filename/path sanitization, (2) provide configurable limits for concurrency and crawl depth, and (3) state whether the Task tool yields any external network uploads or telemetry beyond saving to PROJECT_DIR.
Capability Analysis
Type: OpenClaw Skill
Name: traktor
Version: 1.0.0
The skill is suspicious due to multiple potential shell injection vulnerabilities. In SKILL.md, Step 2, the `mkdir` command uses `{site-name}` derived from user-provided URLs without explicit sanitization, posing a risk if a malicious URL is crafted. More critically, in Step 3, Phase 4, the `curl` commands for downloading assets construct filenames using `{descriptive-name}` which is explicitly stated to come from 'alt text or context' of the scraped website. If this untrusted website content is directly inserted into the `curl` command without sanitization, it creates a severe shell injection vulnerability, allowing arbitrary command execution on the agent's host system.
Capability Assessment
Purpose & Capability
The name/description (extract all site assets) aligns with the instructions: create asset folders, drive a browser via mcp__claude-in-chrome__* tools, run page JS to discover assets, and spawn Task subagents to process each site. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
Instructions direct the agent to create directories in the current working directory, spawn background Task subagents for each URL, navigate pages, run arbitrary JS in page context, and perform thorough crawling. The SKILL.md does not require or show any sanitization of derived values (e.g., {site-name} used directly in mkdir commands) — this can lead to shell/path injection or unintended filesystem writes. The spec also enables wide crawling (likely including following links and downloading many assets) which can capture sensitive or private content and consume large amounts of bandwidth/storage.
Install Mechanism
Instruction-only skill with no install spec or code files reduces installer-side risk. The skill does require an external browser-extension MCP to be present (claude-in-chrome), but does not attempt to install it.
Credentials
No environment variables, credentials, or config paths are requested. This is proportionate for a scraper that operates via the browser automation tools described.
Persistence & Privilege
always is false and disable-model-invocation is false (normal). However, the skill instructs use of the Task tool with run_in_background=true to spawn parallel subagents — combined with its 'paranoid' thoroughness this can create many autonomous background tasks and heavy resource usage. The skill does not request modification of other skills or system-wide settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install traktor - After installation, invoke the skill by name or use
/traktor - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial publish
Metadata
Frequently Asked Questions
What is Traktor Web Scraper?
Extract all assets and content from websites including images, SVGs, fonts, videos, and page structure. Parallel agents with thorough scraping coverage. Trig... It is an AI Agent Skill for Claude Code / OpenClaw, with 650 downloads so far.
How do I install Traktor Web Scraper?
Run "/install traktor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Traktor Web Scraper free?
Yes, Traktor Web Scraper is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Traktor Web Scraper support?
Traktor Web Scraper is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Traktor Web Scraper?
It is built and maintained by dorukardahan (@dorukardahan); the current version is v1.0.0.
More Skills