Scan Report
5 /100
propertyguru-sg-sale-browser-crawl
Extract around 50 Singapore for-sale listings from a PropertyGuru search results URL using a real browser session after Cloudflare verification.
A straightforward browser-based web scraper for PropertyGuru Singapore with fully declared capabilities, no hidden functionality, and no credential access.
Safe to install
No action needed. The skill is a legitimate, well-documented web scraping tool with no security concerns.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | SKILL.md references reading local files: {baseDir}/references/source-notes.md |
| Browser | READ | READ | ✓ Aligned | SKILL.md declares 'Use a real browser page' via playwright; browser access is th… |
| Network | READ | READ | ✓ Aligned | SKILL.md declares fetching PropertyGuru URLs only; no exfiltration endpoints |
| Shell | NONE | NONE | — | No shell execution observed in any file |
| Environment | NONE | NONE | — | No environment variable access observed |
| Clipboard | NONE | NONE | — | No clipboard operations observed |
| Database | NONE | NONE | — | No database operations observed |
| Skill Invoke | NONE | NONE | — | No cross-skill invocation observed |
2 findings
Medium External URL 外部 URL
https://www.propertyguru.com.sg/property-for-sale?listingType=sale&page=1&isCommercial=false&maxPrice=1400000 SKILL.md:5 Medium External URL 外部 URL
https://www.propertyguru.com.sg/listing/hdb-for-sale-780b-woodlands-crescent-500044843 SKILL.md:81 File Tree
3 files · 8.0 KB · 250 lines Markdown 2f · 247L
YAML 1f · 3L
├─
▾
agents
│ └─
openai.yaml
YAML
├─
▾
references
│ └─
source-notes.md
Markdown
└─
SKILL.md
Markdown
Security Positives
✓ SKILL.md is thorough, well-structured, and fully declares the browser-based scraping approach
✓ All capabilities (browser, filesystem read, network read) are declared and consistent with the implementation intent
✓ No shell execution, subprocess, or command injection vectors present
✓ No credential or sensitive path access (no ~/.ssh, ~/.aws, .env, or os.environ iteration)
✓ No obfuscation techniques (no base64, eval, atob, or hidden code)
✓ No external data exfiltration endpoints or C2 communication
✓ No supply chain risks — no scripts, dependencies, or binary files
✓ Data stays local: only reads from PropertyGuru and writes structured listing data
✓ No persistence mechanisms (no cron, startup hooks, or backdoor installation)
✓ Deduplication by listing ID is a good data integrity practice