TinyScraper Security Report — Trusted | ClawSafe

5 /100

TinyScraper

简单静态网站镜像爬虫 - mirrors websites to local storage for offline viewing

TinyScraper is a legitimate static website mirroring tool that performs exactly as documented using only Python3 standard library with no malicious behavior detected.

Skill NameTinyScraper

Duration39.4s

Enginepi

✓

Safe to install

No action needed. This skill is safe to use.

Findings 2 items

Severity	Finding	Location
Low	robots.txt is ignored The crawler explicitly ignores robots.txt when crawling websites, which is a common practice for mirroring tools but may have legal implications `robots.txt 被忽略（镜像工具通用行为）` → Consider adding a --respect-robots option for compliance with target site preferences	`references/SPEC.md:92`
Low	No allowed-tools declaration in SKILL.md SKILL.md does not explicitly declare the allowed-tools mapping, though implementation is consistent with declared functionality `No allowed-tools section found` → Add allowed-tools declaration for transparency	`SKILL.md:1`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`WRITE`	`WRITE`	✓ Aligned	lib/crawler.py:line 63 - ensure_dir(self.base_dir); lib/crawler.py:line 185 - se…
Network	`READ`	`READ`	✓ Aligned	lib/crawler.py:line 162 - urllib.request.urlopen(req, timeout=timeout)
Shell	`NONE`	`NONE`	—	No subprocess or shell execution found
Environment	`NONE`	`READ`	✓ Aligned	lib/crawler.py:line 37 - os.environ.get('OPENCLAW_WORKSPACE') for workspace conf…
Skill Invoke	`NONE`	`NONE`	—	No skill invocation detected
Clipboard	`NONE`	`NONE`	—	No clipboard access detected
Browser	`NONE`	`NONE`	—	No browser automation detected
Database	`NONE`	`NONE`	—	No database access detected

2 findings

🔗

Medium External URL 外部 URL

https://other.com/about

scripts/test_crawler.py:70

🔗

Medium External URL 外部 URL

https://external.com

scripts/test_crawler.py:92

File Tree

4 files · 37.0 KB · 1150 lines

Python 2f · 885L Markdown 2f · 265L

├─ ▾ 📁 lib

│ └─ 🐍 crawler.py Python 630L · 22.4 KB

├─ ▾ 📁 references

│ └─ 📝 SPEC.md Markdown 132L · 2.9 KB

├─ ▾ 📁 scripts

│ └─ 🐍 test_crawler.py Python 255L · 8.4 KB

└─ 📝 SKILL.md Markdown 133L · 3.2 KB

Dependencies 1 items

Package	Version	Source	Known Vulns	Notes
`Python3 Standard Library`	`Built-in`	stdlib	No	urllib.request, html.parser, re, os, tempfile - all standard library

Security Positives

✓ Uses only Python3 standard library (no external dependencies)

✓ No subprocess, shell execution, or system command calls

✓ No credential harvesting or environment variable exfiltration

✓ No base64/encoded payloads or eval() calls

✓ No hidden functionality - code matches documentation

✓ Same-domain restriction prevents unintended external requests

✓ Configurable request delay (DELAY) prevents abuse

✓ Clean BFS crawling algorithm with proper URL normalization

✓ No data exfiltration or external IP communications beyond target URL

✓ Well-documented with SKILL.md and SPEC.md

Scan Report

Findings 2 items

File Tree

Dependencies 1 items

Security Positives