just-scrape

skills-sh:scrapegraphai_just-scrape__just-scrape

View source

100/100

First Seen

Feb 18, 2026

Last Scanned

Feb 20, 2026

Findings

Score

100/100

LOW 2

Findings (2)

LOW

Runtime URL controlling behavior THIRDPARTY_001

third-party-content L8

Detects URLs fetched at runtime that control or influence agent behavior without pinning

Get an API key at [dashboard.scrapegraphai.com](https:// + config

FIX

Avoid loading configuration or behavior-controlling content from runtime URLs. Bundle required configurations locally or pin remote config to versioned, integrity-verified endpoints.

FP?

Likely FP if the URL in the match is a documentation link or example URL (e.g., example.com) rather than an actual runtime-fetched configuration endpoint.

LOW

Global package installation EXTDL_004

external-download L15

Detects global installation of packages which affects the host system

npm install -g j

FIX

Replace npm install -g with a local install (npm install --save-dev) or use npx with a pinned version. Global installs modify the system and risk supply chain attacks.

FP?

Likely FP if the global install is for a well-known CLI tool (e.g., typescript, eslint) in setup documentation, though the supply chain risk remains real.