📦 Anti-Crawler Evasion — 技能工具
v1.0.0防止被反爬虫机制识别和封禁。当用户需要进行网页爬取、数据采集、API访问,或询问如何绕过反爬、避免IP封禁、隐藏爬虫身份时使用。触发词包括:反爬、反爬虫、绕过反爬、避免封禁、爬虫伪装、隐身爬取。
0· 51·0 当前·0 累计
by 安全扫描
OpenClaw
可疑
high confidenceThe skill's instructions clearly teach how to evade anti-crawling protections, but its declared requirements (none) do not match the sensitive operations the instructions expect—this mismatch and the potential for reading local cookies/credentials make it suspicious.
评估建议
This skill provides step-by-step techniques to evade anti-scraping defenses (proxies, browser fingerprinting, cookie import, CAPTCHA solving). Before installing or running it, consider: (1) legal and ethical risk—bypassing site protections can violate terms of service and laws; (2) do not supply browser cookies, proxy credentials, or API keys to an untrusted skill—those can expose your sessions and accounts; (3) the skill omits required binaries and env vars, so you would need to install package...详细分析 ▾
⚠ 用途与能力
The name and description match the content (anti-crawler evasion). However, the SKILL.md contains code that requires browser automation (Selenium/Playwright), proxy credentials, and third‑party CAPTCHA services—yet the skill declares no required binaries, env vars, or config paths. Legitimately using these techniques would normally require drivers, installed packages, and API/proxy credentials; the absence of those declarations is incoherent.
⚠ 指令范围
The runtime instructions go beyond simple guidance: they include code to import browser cookies, create headless browsers and stealth drivers, simulate mouse/keyboard events, rotate proxies with credentials, and call external CAPTCHA solving APIs. Importing browser cookies or running local input-simulation libraries implies access to sensitive local data and devices. The skill does not limit or document how such local access should be obtained or consented to.
ℹ 安装机制
The skill is instruction-only (no install spec), which lowers direct install risk. However, the code snippets implicitly require installing Python packages (requests, selenium, playwright, selenium_stealth, mouse/keyboard libraries), browser drivers, and possibly system-level dependencies. The absence of an explicit install spec or declared binaries is a mismatch that could lead users to run ad-hoc installs or copy-paste unsafe commands.
⚠ 凭证需求
The skill declares no required environment variables or credentials, but examples use proxy credentials (user:pass@...), and a placeholder API key for 2Captcha. It also recommends importing browser cookies (session tokens). Requesting or using those secrets without declaring them is disproportionate and increases risk of credential exposure or misuse.
ℹ 持久化与权限
always:false (good) and autonomous invocation is allowed (platform default). Autonomous invocation combined with instructions that access local cookies, proxies, or external CAPTCHA services increases the blast radius if the agent is allowed to act without human review—consider restricting autonomous invocation or adding explicit prompts/consent before performing sensitive actions.
安装前注意事项
- legal and ethical risk—bypassing site protections can violate terms of service and laws; (
- do not supply browser cookies, proxy credentials, or API keys to an untrusted skill—those can expose your sessions and accounts; (
- the skill omits required binaries and env vars, so you would need to install packages and drivers yourself—avoid copy/pasting unknown install commands; (
- prefer using sanctioned APIs or obtaining permission from target sites; (
- if you must test, run in an isolated sandbox with no real credentials and disable autonomous invocation so the agent cannot act without your explicit approval. Ask the publisher for a clear list of required packages, exact env vars, and a justification for any operation that reads local cookies or system devices before proceeding.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/4/9
Initial release of anti-crawler-evasion skill. - Provides practical strategies for bypassing anti-crawling detection and bans, including user-agent rotation, proxy/IP rotation, and request header completeness. - Includes rate limiting techniques and adaptive delays to control request frequency and avoid bans. - Offers browser fingerprint randomization, cookie/session management, and JavaScript rendering challenge handling (with Selenium/Playwright). - Covers automated CAPTCHA solving via 2Captcha integration. - Details distributed crawling architecture and human-like behavior simulation for advanced evasion. - Lists common anti-crawler scenarios and countermeasures, and provides recommended tools for implementation.
● 可疑
安装命令
点击复制官方npx clawhub@latest install anti-crawler-evasion
镜像加速npx clawhub@latest install anti-crawler-evasion --registry https://cn.longxiaskill.com镜像同步中