← 返回 Skills 市场
Traktor Web Scraper
作者
dorukardahan
· GitHub ↗
· v1.0.0
650
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install traktor
功能描述
Extract all assets and content from websites including images, SVGs, fonts, videos, and page structure. Parallel agents with thorough scraping coverage. Trig...
安全使用建议
This skill appears to be a high-coverage web scraper and is coherent with that purpose, but it has operational risks you should consider before installing:
- Sanitize input: The SKILL.md substitutes a derived {site-name} directly into mkdir bash commands. A specially crafted URL could lead to unsafe directory names or path/command injection. Only run this against sanitized or trusted inputs, or ensure the implementation safely escapes filenames.
- Resource and scope control: The skill spawns background Task subagents and promises 'paranoid' thoroughness. That can create many concurrent crawlers, consume large bandwidth/storage, and potentially overload systems or your agent environment. Limit the number of parallel jobs and set clear depth/size limits before running.
- Data sensitivity: The scraper runs JavaScript in page context and will download whatever assets it finds. Do not run it against authenticated/private dashboards or sites with sensitive data you do not own — it can capture private content and credentials present in pages.
- Browser-extension dependency: It requires the claude-in-chrome MCP server (a browser extension) to function. Installing or enabling that extension is a separate trust decision because it gives the extension access to pages visited during scraping.
- Test in a sandbox: Before using on real targets, run the skill in a controlled environment with harmless test sites to confirm behavior (what it downloads, how it names files, and how many background agents it spawns).
If you want to proceed, ask the skill author (or the platform integrator) to: (1) explicitly document and enforce filename/path sanitization, (2) provide configurable limits for concurrency and crawl depth, and (3) state whether the Task tool yields any external network uploads or telemetry beyond saving to PROJECT_DIR.
功能分析
Type: OpenClaw Skill
Name: traktor
Version: 1.0.0
The skill is suspicious due to multiple potential shell injection vulnerabilities. In SKILL.md, Step 2, the `mkdir` command uses `{site-name}` derived from user-provided URLs without explicit sanitization, posing a risk if a malicious URL is crafted. More critically, in Step 3, Phase 4, the `curl` commands for downloading assets construct filenames using `{descriptive-name}` which is explicitly stated to come from 'alt text or context' of the scraped website. If this untrusted website content is directly inserted into the `curl` command without sanitization, it creates a severe shell injection vulnerability, allowing arbitrary command execution on the agent's host system.
能力评估
Purpose & Capability
The name/description (extract all site assets) aligns with the instructions: create asset folders, drive a browser via mcp__claude-in-chrome__* tools, run page JS to discover assets, and spawn Task subagents to process each site. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
Instructions direct the agent to create directories in the current working directory, spawn background Task subagents for each URL, navigate pages, run arbitrary JS in page context, and perform thorough crawling. The SKILL.md does not require or show any sanitization of derived values (e.g., {site-name} used directly in mkdir commands) — this can lead to shell/path injection or unintended filesystem writes. The spec also enables wide crawling (likely including following links and downloading many assets) which can capture sensitive or private content and consume large amounts of bandwidth/storage.
Install Mechanism
Instruction-only skill with no install spec or code files reduces installer-side risk. The skill does require an external browser-extension MCP to be present (claude-in-chrome), but does not attempt to install it.
Credentials
No environment variables, credentials, or config paths are requested. This is proportionate for a scraper that operates via the browser automation tools described.
Persistence & Privilege
always is false and disable-model-invocation is false (normal). However, the skill instructs use of the Task tool with run_in_background=true to spawn parallel subagents — combined with its 'paranoid' thoroughness this can create many autonomous background tasks and heavy resource usage. The skill does not request modification of other skills or system-wide settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install traktor - 安装完成后,直接呼叫该 Skill 的名称或使用
/traktor触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial publish
元数据
常见问题
Traktor Web Scraper 是什么?
Extract all assets and content from websites including images, SVGs, fonts, videos, and page structure. Parallel agents with thorough scraping coverage. Trig... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 650 次。
如何安装 Traktor Web Scraper?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install traktor」即可一键安装,无需额外配置。
Traktor Web Scraper 是免费的吗?
是的,Traktor Web Scraper 完全免费(开源免费),可自由下载、安装和使用。
Traktor Web Scraper 支持哪些平台?
Traktor Web Scraper 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Traktor Web Scraper?
由 dorukardahan(@dorukardahan)开发并维护,当前版本 v1.0.0。
推荐 Skills