← 返回 Skills 市场
6257
总下载
5
收藏
101
当前安装
6
版本数
在 OpenClaw 中安装
/install scrapling
功能描述
Adaptive web scraping framework with anti-bot bypass and spider crawling.
安全使用建议
Install only after reviewing the helper script and limiting use to sites where you have permission to scrape. Avoid passing untrusted URLs, selectors, or spider files to run.sh, use an isolated virtual environment, and do not use the API-replication or bypass examples against paid, protected, rate-limited, or terms-prohibited services.
功能分析
Type: OpenClaw Skill
Name: scrapling
Version: 1.0.8
The skill bundle is classified as suspicious due to critical shell injection and arbitrary code execution vulnerabilities in the `run.sh` script. Specifically, the `fetch` and `stealth` modes directly interpolate user-supplied `$URL` and `$SELECTOR` into `python3 -c` commands without sanitization, allowing for arbitrary Python code or shell command injection. The `spider` mode is even more severe, directly executing the `$URL` argument as a Python script (`python3 "$URL"`), which is a clear arbitrary code execution risk. While the `SKILL.md` documentation describes powerful web scraping and API reverse engineering techniques (including Cloudflare bypass and auth token discovery) that could be misused, it presents them as a methodology rather than explicit instructions for malicious activity. The vulnerabilities in `run.sh` are implementation flaws, not evidence of intentional malice within the skill's stated purpose.
能力评估
Purpose & Capability
Web scraping, crawling, and browser fetching fit the stated purpose, but the skill also teaches hidden/premium API discovery, auth-header or token replication, and Cloudflare bypass in ways that exceed ordinary compliant scraping.
Instruction Scope
The documentation says not to use login-protected, paywalled, or TOS-prohibited sites, but later gives operational steps for finding premium endpoints, extracting client-side auth logic, and replaying requests.
Install Mechanism
run.sh automatically installs the unpinned scrapling package if missing, and install mode pulls scrapling[all] plus browser setup, modifying the local Python environment without a clear explicit install boundary.
Credentials
Outbound requests are expected for this skill, but run.sh interpolates URL and selector input into python3 -c code and spider mode directly runs a caller-supplied Python file, making the helper broader than scraping.
Persistence & Privilege
No hidden background persistence, credential theft, or destructive behavior was found, but package/browser installation persists locally and spider execution runs arbitrary Python with the user's normal privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install scrapling - 安装完成后,直接呼叫该 Skill 的名称或使用
/scrapling触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.8
v1.0.8 - Firecrawl-Style Crawl
v1.0.5
Enhanced API reverse engineering methodology with detailed step-by-step process from @paoloanzn. Added Solscan case study. Updated credits.
v1.0.1
scrapling v1.0.1
- Added _meta.json metadata file.
- Updated SKILL.md to adjust requirements: removed "pip" from required bins.
- Minor updates to run.sh and metadata structure.
v1.2.0
Full features except MCP - CLI, adaptive, spider
v1.1.0
Add agent instructions and credits
v1.0.0
Initial release - adaptive web scraping with anti-bot bypass and spider crawling
元数据
常见问题
Scrapling 是什么?
Adaptive web scraping framework with anti-bot bypass and spider crawling. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 6257 次。
如何安装 Scrapling?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install scrapling」即可一键安装,无需额外配置。
Scrapling 是免费的吗?
是的,Scrapling 完全免费(开源免费),可自由下载、安装和使用。
Scrapling 支持哪些平台?
Scrapling 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Scrapling?
由 ohnednez(@zendenho7)开发并维护,当前版本 v1.0.8。
推荐 Skills