Prerequisites
- Python 3.10 or higher
- PraisonAI Agents package installed
scrapypackage installed
Spider Tools
Use Spider Tools to crawl and scrape web content with AI agents.Understanding Spider Tools
What are Spider Tools?
Spider Tools provide web scraping capabilities for AI agents:
- Page scraping and downloading
- Content extraction and filtering
- Link discovery and crawling
- HTML parsing and cleaning
- Data structuring and formatting
Key Components
Spider Agent
Create specialized scraping agents:
Spider Task
Define scraping tasks:
Process Types
Sequential or parallel processing:
Scraping Options
Customize scraping parameters:
Examples
Basic Web Scraping Agent
Advanced Scraping with Multiple Agents
Best Practices
Agent Configuration
Agent Configuration
Configure agents with clear scraping focus:
Task Definition
Task Definition
Define specific scraping objectives:
Built-in URL Safety
Spider tools (scrape_page, extract_links, crawl, extract_text) refuse to fetch dangerous URLs before any network request is made. You don’t need to wrap them in a custom validator.
What gets refused
| URL pattern | Example | Why |
|---|---|---|
Non-http/https schemes | file:///etc/passwd, gopher://x | Only web protocols are allowed |
| Loopback | http://127.0.0.1/, http://localhost/ | Blocks access to the local machine |
| Trailing-dot localhost | http://localhost.:8765/ | Some HTTP clients strip the dot and hit loopback |
| Short-form IPv4 | http://127.1:8765/, http://127.1/ | inet_aton expands 127.1 → 127.0.0.1 |
| Octal IPv4 | http://0177.0.0.1:8765/ | 0177 = 127 in octal |
| Hex integer host | http://0x7f000001:8765/ | 0x7f000001 = 127.0.0.1 packed |
| Decimal integer host | http://2130706433:8765/ | 2130706433 = 127.0.0.1 packed |
Internal .localhost suffix | http://api.localhost/ | All *.localhost is loopback by RFC |
| Private / reserved IPs | http://10.0.0.5/, http://192.168.1.1/ | Blocks internal network access |
| Link-local | http://169.254.169.254/ | Blocks cloud metadata services |
| Internal TLDs | http://intranet.local/, http://svc.internal/ | Blocks corporate internal hosts |
| Backslash in URL | http://127.0.0.1:6666\@1.1.1.1 | SSRF-smuggling: urlparse says 1.1.1.1, requests actually hits 127.0.0.1 |
ASCII control chars (< 0x20 or 0x7f) | http://example.com\x00.evil.com, http://example.com\r\n.evil.com | CRLF / NUL injection in the authority |
| Non-string input | None, 123 | Defensive — returns False instead of raising |
The backslash and control-character rejections (the last two rows above) were added in PraisonAI #1578 to close an SSRF bypass where
urllib.parse.urlparse and the HTTP client (requests / httpx) disagreed on the destination host.The alternative loopback encodings (trailing-dot localhost, short-form/octal/hex IPv4, etc.) are validated by the unified _host_is_blocked helper, which also powers URL safety for @url: mentions.
