Official (Vendor)★ 4.1by Scrapeless

Scrapeless

Scrapeless MCP for protected sites. Handles Cloudflare challenges, Akamai, datadome — when Puppeteer hits a wall.

Homepage

Safety & Trust

Delv Safety Grade: C

Score 58/100 · assessed 2026-04-28

Maintainer65

Permissions70

Supply chain35

Transparency40

Incidents100

Scrapeless is a commercial anti-bot bypass service wrapped as an MCP server. The vendor appears legitimate with a professional web presence, but operates in a legally grey area where scraping protected sites may violate terms of service. With no public repository, no package distribution, and unknown installation method, the supply chain is opaque. You must trust Scrapeless with your API key and all scraped content passes through their infrastructure. The permissions are reasonably scoped (outbound network calls to their API, reading your API key from environment), but transparency is poor. No source code review is possible, no changelog exists, and the exact capabilities beyond 'bypass anti-bot' are unclear. Suitable only if you accept the legal risk and trust a closed-source vendor with your scraping workload.

Lethal Trifecta (prompt-injection exposure)

TWO OF THREE

Private dataNo

Reads secrets, credentials, private files

Untrusted inputYes

Ingests web pages, PRs, issues, emails

External commsYes

Can send data outbound

CAPTCHA-bypassing scraper. Untrusted-input by design, outbound to the SaaS.

Green flags

Professional vendor with established web presence
Scoped to API calls, no filesystem or shell access required
Solves real problem where standard tools fail against anti-bot systems
No known security incidents or credential leaks

Red flags

No public repository or source code available for audit
Unknown installation method and no package manager distribution
Scraping protected sites may violate ToS and carry legal risk
All scraped data routes through third-party infrastructure
Closed-source with no transparency into challenge-solving methods

Permissions requested

Outbound networkAccess secrets

Assessed by Delv Editorial using public metadata. Grades are advisory and update as the ecosystem changes. They do not replace your own review of permissions and code before granting an agent access to sensitive systems.

Review

Scrapeless is an MCP server that acts as a proxy for scraping sites protected by anti-bot systems. When you point Claude at a URL guarded by Cloudflare, Akamai, or DataDome, standard tools like Puppeteer or curl just get blocked. Scrapeless routes the request through its API, handles the challenge-solving, and returns the HTML or structured data. You need an API key from Scrapeless, which means this is a paid service, not a self-hosted scraper. I'd reach for this when I'm building an agent that needs to pull data from e-commerce sites, job boards, or any platform that actively blocks bots. The MCP interface means Claude can call it directly without you writing fetch wrappers. You ask for a page, it returns the content, and you move on. The workflow is simple: Claude decides it needs data from a protected URL, invokes the Scrapeless tool, gets back the HTML, then parses or summarises it. The main quirk is that you're paying per request, so this isn't for casual browsing or exploratory scraping. It's for targeted data extraction where the alternative is writing and maintaining your own anti-detection stack. The MCP doesn't expose every Scrapeless feature, so if you need fine-grained control over headers, proxies, or JavaScript rendering options, you might hit the API directly instead. Who shouldn't bother: anyone scraping public APIs or sites without bot protection. If the site has a documented API or doesn't block requests, use a standard fetch tool. Also skip this if you're just experimenting, the cost per request adds up. But if you're building a production agent that needs reliable access to protected content, and you don't want to maintain your own scraping infrastructure, Scrapeless is the pragmatic choice. It works across Claude Desktop, Cursor, and Cline, though setup varies by host.

Verdict

Install this if you're building agents that need to scrape bot-protected sites and you'd rather pay per request than maintain your own anti-detection stack. Skip it if your targets have public APIs or don't block standard requests. The cost per call makes it a tool for targeted extraction, not casual browsing.

Good at

Handles Cloudflare, Akamai, and DataDome challenges without you writing or maintaining anti-bot code.
Works directly in Claude Desktop, Cursor, and Cline, so agents can scrape protected sites without custom fetch logic.
Returns clean HTML or structured data, no need to parse challenge pages or manage browser sessions.
Saves time compared to building and updating your own scraping infrastructure.

Watch out

Paid service, so every request costs money, not ideal for exploratory or high-volume scraping.
MCP interface may not expose all Scrapeless API features, limiting fine-grained control over requests.
No repo or package, so you can't inspect the implementation or run it locally.
Requires an API key, adding a dependency on an external service and another credential to manage.

Getting started

1. Sign up at scrapeless.com and grab your API key from the dashboard. 2. Set the environment variable SCRAPELESS_API_KEY in your shell or host config. 3. Add the Scrapeless MCP to your Claude Desktop, Cursor, or Cline config (refer to host-specific docs for MCP setup). 4. Test by asking Claude to fetch content from a Cloudflare-protected site. 5. Watch out for request costs, each call hits your Scrapeless quota, so avoid using it for exploratory scraping.

Works with

Claude DesktopCursorCline