← 返回 Skills 市场
295
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install swipenode-2
功能描述
Lightning-fast web extraction for AI agents. Extracts structured JSON from Next.js, Nuxt.js, Gatsby, Remix without headless browsers. TLS spoofing bypasses C...
安全使用建议
This skill could be what it claims (fast scraping of framework-embedded JSON), but several things don't add up and raise real risk:
- Inconsistent sources: SKILL.md points to https://github.com/sirToby99/swipenode while README uses https://github.com/Nefas11/swipenode — confirm the official source and verify repository history before cloning or building.
- No formal install spec: the registry lists no installer, yet instructions ask you to git clone and go build a binary from an external repo. Treat that binary as untrusted until reviewed.
- WAF/TLS spoofing: the tool advertises TLS-fingerprint spoofing to bypass Cloudflare/WAFs. That is dual‑use (can be used for evading protections) and may violate target sites' terms or laws. Only use where you have permission and legal authority.
- 'install-mcp' / auto-registration: this could modify your Claude Desktop or agent config. Don’t run install-mcp or any integration command until you inspect the code that performs the registration and confirm what files it changes.
- Practical steps before using: (1) verify and prefer an official signed release or a single authoritative repo; (2) review source code (especially network/TLS code and any config-modification routines) or have a trusted person do so; (3) build in an isolated sandbox/container and run with least privilege; (4) avoid running install-mcp until you can audit the registration logic; (5) ensure use complies with target site terms-of-service and applicable law.
If the maintainer publishes a clear, consistent repository with signed releases and an install spec pointing to an official release host (GitHub Releases or similar), and if the install-mcp behavior is documented and auditable, that would reduce my concern.
功能分析
Type: OpenClaw Skill
Name: swipenode-2
Version: 0.1.0
The skill provides web scraping with WAF bypass capabilities (TLS spoofing) and includes an 'install-mcp' command that modifies local configuration files (Claude Desktop). A notable discrepancy exists between the source repositories mentioned in SKILL.md (sirToby99/swipenode) and README.md (Nefas11/swipenode), which may indicate an unverified fork or supply chain risk. While the features align with the stated purpose of a scraping tool, the combination of automated configuration modification and inconsistent sourcing is suspicious.
能力评估
Purpose & Capability
The skill claims to be a local CLI that extracts framework-embedded JSON and to perform TLS/TLS-fingerprint spoofing to bypass WAFs. Extracting __NEXT_DATA__ / window.__NUXT__ etc. matches the stated purpose, but the WAF/TLS-spoofing claim is a powerful dual-use capability that is out-of-band for a simple 'extractor' and increases misuse risk. Additionally, the registry metadata declares no install and no binaries required, yet the SKILL.md expects a local binary path and gives build/run commands — an inconsistency.
Instruction Scope
Runtime instructions tell the agent (or user) to clone/build/run a third-party binary from GitHub and to use an 'install-mcp' action that 'auto-registers' with Claude Desktop. Those actions may modify local agent/client configuration. The SKILL.md does not instruct reading unrelated system files, but the opaque 'install-mcp' and MCP auto-registration imply potential modification of user agent configuration outside the skill's stated extraction-only scope.
Install Mechanism
This is an instruction-only skill with no formal install spec recorded by the registry, yet SKILL.md and README instruct cloning arbitrary GitHub repos and building a binary locally (go build). That effectively downloads and executes code from external sources. The README and SKILL.md reference different GitHub repo owners (sirToby99 vs Nefas11) — a repository inconsistency that is a red flag and increases risk because there's no single verified release URL or signed binary.
Credentials
The skill does not request environment variables, credentials, or config paths in the registry metadata. The SKILL.md likewise does not ask for secrets or unrelated credentials. Lack of requested secrets is proportionate to the described functionality.
Persistence & Privilege
The skill is not marked always:true and does not request elevated platform privileges in the registry. However, the 'install-mcp' command and claims about auto-registering with Claude Desktop suggest the binary (if run) could modify local agent/client configuration to integrate itself persistently. This behavior is not described in detail in the SKILL.md and should be examined before running.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install swipenode-2 - 安装完成后,直接呼叫该 Skill 的名称或使用
/swipenode-2触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
- Initial release of swipenode skill: high-speed web extraction CLI for AI agents.
- Extracts structured JSON from Next.js, Nuxt.js, Gatsby, Remix—no headless browsers required.
- Bypasses Cloudflare via TLS spoofing; dramatically reduces token usage compared to raw HTML.
- Provides batch extraction, local agent server (MCP), and integration examples.
- Clearly documents capabilities, use cases, and known limitations.
元数据
常见问题
Swipenode 是什么?
Lightning-fast web extraction for AI agents. Extracts structured JSON from Next.js, Nuxt.js, Gatsby, Remix without headless browsers. TLS spoofing bypasses C... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 295 次。
如何安装 Swipenode?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install swipenode-2」即可一键安装,无需额外配置。
Swipenode 是免费的吗?
是的,Swipenode 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Swipenode 支持哪些平台?
Swipenode 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Swipenode?
由 Nefas11(@nefas11)开发并维护,当前版本 v0.1.0。
推荐 Skills