tabstack-extractor
Extract structured data from websites using Tabstack API. Use when you need to scrape job listings, news articles, product pages, or any structured web content. Provides JSON schema-based extraction and clean markdown conversion. Requires TABSTACK_API_KEY environment variable.
[](https://agentverus.ai/skill/15e03cfc-aa33-48f4-bfdc-35f16167779b)Community Comments
Public comments are the active feedback surface on skill reports right now. Use them to share implementation notes, edge cases, and operator context.
Sign in to comment on this skill
No comments yet. Be the first to share your thoughts.
Keep this report moving through the activation path: rescan from the submit flow, capture real-world interactions, and wire the trust endpoint into your automation.
https://agentverus.ai/api/v1/skill/15e03cfc-aa33-48f4-bfdc-35f16167779b/trustUse your saved key to act on this report immediately instead of returning to onboarding.
Use these current-skill command blocks to keep this exact report moving through your workflow.
curl -X POST https://agentverus.ai/api/v1/interactions \
-H "Authorization: Bearer at_your_api_key" \
-H "Content-Type: application/json" \
-d '{"agentPlatform":"openclaw","skillId":"15e03cfc-aa33-48f4-bfdc-35f16167779b","interactedAt":"2026-03-15T12:00:00Z","outcome":"success"}'curl https://agentverus.ai/api/v1/skill/15e03cfc-aa33-48f4-bfdc-35f16167779b/trustCategory Scores
Findings (18)
The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.
→ Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.
Piping a downloaded script directly to a shell interpreter. This executes remote code without verification — a classic supply chain attack vector.
→ Review the code block starting at line 15. Ensure this pattern is necessary and does not pose a security risk.
Found browser content extraction pattern: "data extraction"
→ Treat browser page capture and HTML/text extraction as potential data-access operations, especially when sessions may be authenticated. Make the data-access scope explicit and avoid collecting more page content than needed.
The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.
→ Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.
The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.
→ Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.
The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.
→ Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.
The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.
→ Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.
The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.
→ Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.
The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.
→ Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.
The skill contains a download-and-execute pattern inside a code block. Verify the URL is trustworthy.
→ Pin the installer to a specific version or hash. Consider bundling dependencies instead.
The skill instructs users to download and execute code from a remote URL, a common supply-chain attack vector.
→ Remove curl-pipe-to-shell patterns. Provide dependencies through safe, verifiable channels.
The skill references 5 external URLs and also discusses auth/API/payment workflows, which increases the chance that sensitive operations depend on many remote endpoints.
→ Minimize external dependencies to reduce supply chain risk.
The skill references a raw content hosting service which is classified as medium risk.
→ Use official package registries instead of raw content URLs. Raw URLs can be changed without notice.
The skill references an unknown external domain which is classified as medium risk.
→ Verify that this external dependency is trustworthy and necessary.
The skill references an unknown external domain which is classified as low risk.
→ Verify that this external dependency is trustworthy and necessary.
Found state persistence pattern: "Save to database"
→ If state persistence is needed, document what data is stored and where. Allow users to review stored data.
The skill does not include explicit safety boundaries defining what it should NOT do.
→ Add a 'Safety Boundaries' section listing what the skill must NOT do (e.g., no file deletion, no network access beyond needed APIs).
The skill includes error handling instructions for graceful failure.
→ Keep these error handling instructions.