Skip to main content
The user names a URL or crawl task; the agent uses spider tools to fetch and summarise page content.
Prerequisites
  • Python 3.10 or higher
  • PraisonAI Agents package installed
  • scrapy package installed

Spider Tools

Use Spider Tools to crawl and scrape web content with AI agents.
1

Install Dependencies

First, install the required packages:
2

Import Components

Import the necessary components:
3

Create Agent

Create a web scraping agent:
4

Define Task

Define the scraping task:
5

Run Agent

Initialize and run the agent:

Understanding Spider Tools

What are Spider Tools?

Spider Tools provide web scraping capabilities for AI agents:
  • Page scraping and downloading
  • Content extraction and filtering
  • Link discovery and crawling
  • HTML parsing and cleaning
  • Data structuring and formatting

Key Components

Spider Agent

Create specialized scraping agents:

Spider Task

Define scraping tasks:

Process Types

Sequential or parallel processing:

Scraping Options

Customize scraping parameters:

Examples

Basic Web Scraping Agent

Advanced Scraping with Multiple Agents

Best Practices

Configure agents with clear scraping focus:
Define specific scraping objectives:

Built-in URL Safety

Spider tools (scrape_page, extract_links, crawl, extract_text) refuse to fetch dangerous URLs before any network request is made. You don’t need to wrap them in a custom validator.

What gets refused

URL patternExampleWhy
Non-http/https schemesfile:///etc/passwd, gopher://xOnly web protocols are allowed
Loopbackhttp://127.0.0.1/, http://localhost/Blocks access to the local machine
Trailing-dot localhosthttp://localhost.:8765/Some HTTP clients strip the dot and hit loopback
Short-form IPv4http://127.1:8765/, http://127.1/inet_aton expands 127.1127.0.0.1
Octal IPv4http://0177.0.0.1:8765/0177 = 127 in octal
Hex integer hosthttp://0x7f000001:8765/0x7f000001 = 127.0.0.1 packed
Decimal integer hosthttp://2130706433:8765/2130706433 = 127.0.0.1 packed
Internal .localhost suffixhttp://api.localhost/All *.localhost is loopback by RFC
Private / reserved IPshttp://10.0.0.5/, http://192.168.1.1/Blocks internal network access
Link-localhttp://169.254.169.254/Blocks cloud metadata services
Internal TLDshttp://intranet.local/, http://svc.internal/Blocks corporate internal hosts
Backslash in URLhttp://127.0.0.1:6666\@1.1.1.1SSRF-smuggling: urlparse says 1.1.1.1, requests actually hits 127.0.0.1
ASCII control chars (< 0x20 or 0x7f)http://example.com\x00.evil.com, http://example.com\r\n.evil.comCRLF / NUL injection in the authority
Non-string inputNone, 123Defensive — returns False instead of raising
The backslash and control-character rejections (the last two rows above) were added in PraisonAI #1578 to close an SSRF bypass where urllib.parse.urlparse and the HTTP client (requests / httpx) disagreed on the destination host.The alternative loopback encodings (trailing-dot localhost, short-form/octal/hex IPv4, etc.) are validated by the unified _host_is_blocked helper, which also powers URL safety for @url: mentions.

What it looks like to your agent

When the validator refuses a URL, the tool returns an error dict instead of fetching:
This validation is always on for the bundled spider tools. It runs on every URL passed to scrape_page, extract_links, crawl, and extract_text. There is no flag to disable it, and it does not require enable_security().

Common Patterns

Web Scraping Pipeline