webclaw

Security checks across malware telemetry and agentic risk

Overview

This web extraction skill is mostly coherent, but it needs review because it routes data through a third-party API, supports persistent web monitors, and encourages endpoint discovery without clear authorization limits.

Install only if you are comfortable sending target URLs, search queries, extraction prompts, page content, and monitor results to Webclaw's cloud service. Avoid using it on secrets, internal/private URLs, customer data, or third-party sites where endpoint enumeration is not authorized. Treat watch/webhook setup as an ongoing external data flow and delete monitors when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Vague Triggers

Medium
Confidence: 90%
Finding
The guidance says to use the skill 'Always' for web content needs, which encourages overuse in routine browsing scenarios without checking sensitivity, user consent, or whether a safer built-in fetch would suffice. In practice, this can cause unnecessary third-party transmission of user-supplied URLs, queries, and page contents.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill explains the API base and authentication but does not provide a user-facing warning that supplied URLs, search queries, extracted page content, and possibly derived summaries/research inputs are transmitted to `api.webclaw.io`. This creates a material transparency and privacy gap, especially when users may assume web-fetching happens locally or within the host platform.

Missing User Warnings

Medium
Confidence: 95%
Finding
The watch/monitoring feature schedules persistent requests and can send change data to a user-specified webhook, but the skill does not clearly warn users about the persistence, external delivery, and ongoing data exposure this creates. That can lead to unintended continuous surveillance, data leakage, or posting sensitive diffs to insecure webhook endpoints.

Ssd 2

Medium
Confidence: 89%
Finding
The skill explicitly promotes discovering API endpoints a page's JavaScript calls, which meaningfully assists reconnaissance against target sites. While not an exploit by itself, this lowers the barrier for reverse-engineering and mapping backend surfaces that can be used in later attacks or abuse.

Ssd 2

Medium
Confidence: 93%
Finding
The endpoint-discovery section frames the feature as useful for reverse-engineering a site's backend before scraping, directly encouraging reconnaissance behavior against third-party properties. This operational guidance increases dual-use risk because it turns a generic parser into a workflow for backend surface enumeration.

Ssd 2

Medium
Confidence: 93%
Finding
The tips section explicitly advises using the tool to reverse-engineer a site's backend and enumerate third-party calls, which provides tactical reconnaissance guidance. In a user-invocable agent skill, that makes potentially abusive discovery easier and more attractive.

VirusTotal

52/52 vendors flagged this skill as clean.
