mcp-crew-risk

A Crawler Risk Assessor based on the Model Context Protocol (MCP).
This server provides a simple API interface that allows users to perform a comprehensive crawler compliance risk assessment for a specified webpage.

Crawler Compliance Risk Assessment Framework Description

This framework aims to provide crawler developers and operators with a comprehensive automated compliance detection toolset to evaluate the crawler-friendliness and potential risks of target websites. It covers three major dimensions: legal, social ethics, and technical aspects. Through multi-level risk warnings and specific recommendations, it helps plan crawler strategies reasonably to avoid legal disputes and negative social impacts while improving technical stability and efficiency.

Framework Structure

1. Legal Risk

Detection Content

• Whether there are explicit Terms of Service restricting crawler activities
• Whether the website declares copyright information and whether content is copyright protected
• Whether pages contain sensitive personal data (e.g., emails, phone numbers, ID numbers)

Risk Significance

Violating terms may lead to breach of contract, infringement, or criminal liability; scraping sensitive data may violate privacy regulations such as GDPR, CCPA, etc.

Detection Examples

• Detect <meta> tags and key keywords in page content
• Regex matching for emails, phone numbers

2. Social/Ethical Risk

Detection Content

• Whether robots.txt disallows crawler access to specific paths
• Anti-crawling technologies deployed by the site (e.g., Cloudflare JS Challenge)
• Risks of collecting user privacy or sensitive information

Risk Significance

Excessive crawling may harm user experience and trust; collecting private data has ethical risks and social responsibility implications.

Detection Examples

• Accessing and parsing robots.txt
• Detecting anti-crawling mechanisms and JS challenges
• Sensitive information extraction warnings

3. Technical Risk

Detection Content

• Whether redirects, CAPTCHAs, JS rendering obstacles are encountered during access
• Whether robots.txt can be successfully accessed to get crawler rules
• Exposure of target API paths, possible permissions or rate limiting restrictions

Risk Significance

Technical risks may cause crawler failure, IP bans, or incomplete data, affecting business stability.

Detection Examples

• HTTP status code and response header analysis
• Anti-crawling technology detection
• API path scanning

Rating System

• allowed: No obvious restrictions or risks, generally safe to crawl
• partial: Some restrictions (e.g., robots.txt disallows some paths, anti-crawling measures), requires cautious operation
• blocked: Severe restrictions or high risk (e.g., heavy JS anti-crawling challenges, sensitive data protection), crawling is not recommended

Recommendations

Implementation Process

1. Pre-crawl Assessment
   Run compliance assessment on the target site to confirm risk levels and restrictions.

2. Compliance Strategy Formulation
   Adjust crawler access frequency and content scope according to assessment results to avoid breaches or violations.

3. Crawler Execution and Monitoring
   Continuously monitor technical exceptions and risk changes during crawling; regularly reassess.

4. Data Processing and Protection
   Ensure crawled data complies with privacy protection requirements and perform necessary anonymization.

Technical Implementation Overview

• Use Axios + node-fetch for HTTP requests, supporting timeout and redirect control.
• Parse robots.txt and page meta tags to automatically identify crawler rules.
• Use regex to detect privacy-sensitive information (emails, phones, ID numbers, etc.).
• Detect anti-crawling tech (e.g., Cloudflare JS Challenge) and exposed API endpoints.
• Provide legal, social, and technical risk warnings and comprehensive suggestions via risk evaluation functions.

Future Extensions

• Integrate Puppeteer/Playwright for JavaScript-rendered page detection.
• Automatically parse and notify on Terms of Service text updates.
• Add dedicated detection modules for GDPR, CCPA, and other regional laws.
• Combine machine learning models to improve privacy-sensitive data recognition accuracy.
• Provide Web UI to display compliance reports and risk suggestions.

Summary

This compliance risk assessment framework provides a foundational and comprehensive risk evaluation for crawler development and operation. It helps teams comply with laws, regulations, and ethical principles while enhancing technical efficiency and data quality and reducing potential legal and social risks.

🧠 One-sentence summary:

No robots.txt ≠ permission to crawl freely; technical crawlability ≠ legal permission; respect data, websites, and users — that is the foundation of compliant crawling.

MCP-Based Website Crawler Compliance Risk Assessment – Main Features:

1. Target Website Access and Basic Status Check ✅ Completed

• Access the target website homepage with timeout and up to 5 redirects supported
• Return HTTP status code to determine site accessibility
• Detect redirects and warn about potential risks

2. Anti-Crawling Mechanism Detection ✅ Completed

• Detect if server uses Cloudflare or similar anti-crawling protection
• Detect presence of JavaScript verification challenges (e.g., Cloudflare JS Challenge)
• Parse page <meta name="robots"> tags and HTTP response header X-Robots-Tag
• Automatically request and parse robots.txt, extract allowed and disallowed paths

3. Sensitive Content Detection and Legal Risk Warning ✅ Completed

• Detect copyright notices and Terms of Service related information on pages
• Regex match to identify possible personal private information (email, phone, ID)
• Provide legal compliance warnings to prevent infringement and privacy leaks

4. Public API Endpoint Detection ✅ Completed

• Access common API paths (e.g., /api/, /v1/, /rest/)
• Determine whether APIs are open and whether authentication is required; warn about potential permission and rate limiting risks

5. Comprehensive Risk Evaluation and Classification ✅ Completed

• Provide three-level crawl permissibility rating based on all detection results:
  • allowed: no obvious restrictions or risks
  • partial: some technical or compliance restrictions
  • blocked: obvious anti-crawling or high risk

6. Planned Features 🚧 Pending

git clone https://github.com/Joooook/mcp-crew-risk.git
npm i

<div align="center">▶️Quick Start</div>

CLI

npx -y mcp-crew-risk

MCP Server Configuration

{
    "mcpServers": {
        "mcp-crew-risk": {
            "command": "npx",
            "args": [
                "-y",
                "mcp-crew-risk"
            ]
        }
    }
}

<div align="center">💭Murmurs</div>

This project is for learning purposes only. Contributions and feature requests are welcome.

Business Collaboration Email: deeppathai@outlook.com

🧠 MCP Access Links

• 🌐 ModelScope MCP Address
  For testing and integrating the mcp-crew-risk service on the ModelScope platform.

• 🛠️ Smithery.ai MCP Address
  For visually configuring and invoking the mcp-crew-risk service via the Smithery platform.