just-scrape
Audited by Socket on Feb 22, 2026
1 alert found:
Malware [Skill Scanner]: Natural language instruction to download and install from URL detected
The package appears to be a legitimate AI-powered scraping CLI that relies on a centralized ScrapeGraph backend. I found no direct indicators of embedded malware or obfuscated malicious code in the provided documentation. However, the design and examples promote insecure practices that increase the risk of credential exposure and unintended data leakage to the backend: inline passwords in CLI examples, persistence of API keys/sessions without stated protections, acceptance/forwarding of arbitrary headers/cookies, and encouragement to install @latest. These operational and privacy risks warrant caution: do not pass secrets on the command line, pin versions in production, inspect what data is sent to the backend, and require secure storage/permissions for local config/session files.
LLM verification: This SKILL.md is documentation for a CLI that is functionally consistent with its stated purpose (hosted AI-backed web scraping and browser automation). There is no explicit malicious code in the provided text. However, there are notable supply-chain and credential risks: advising installation of unpinned @latest releases increases update-supply-chain exposure; the agentic-scraper examples demonstrate passing and persisting plaintext site credentials (CLI args and session persistence), which cre