web-scraping

SUSPICIOUS: the stated web-scraping purpose matches much of the behavior, but the skill’s footprint is unusually aggressive for an AI agent because it relies on traffic interception, stealth/anti-detection, and token/header capture. Official Apify pieces are coherent, yet the unverified Proxy-MCP dependency and offensive scraping workflow make the overall skill high risk rather than benign.

The file is a straightforward operational guide for DOM scraping using a DevTools bridge and an anti-detection humanizer. It contains explicit instructions to extract cookies and storage tokens and to reuse them in HTTP requests (gotScraping), plus strong advice to operate stealthily. This makes it a high-risk guide for credential harvesting and undetected scraping when used maliciously. There is no obfuscated or self-executing malware in the text, but the instructions materially enable unauthorized access and data exfiltration if applied without consent. Treat this material as dual-use: acceptable for authorized testing but potentially dangerous if used for abuse.

This document is non-executable documentation that describes and encourages techniques to evade bot detection: browser fingerprint spoofing, TLS/J A3 spoofing, proxy chaining, humanizer emulation, and aggressive session rotation. There is no direct code performing I/O or exfiltration in this fragment, so it is not malware by itself. However, it provides clear operational guidance that can facilitate abusive scraping, account takeover, or other automated evasion. Treat inclusion of these instructions in a package as a moderate-to-high abuse risk and review the broader package for executable code that implements these techniques.