ClawHub

skroller

Security checks across malware telemetry and agentic risk

Overview

Skroller does what it claims, but it combines broad social-media scraping with anti-bot evasion guidance, raw personal-data persistence, credential/session handling, and unsafe local export commands.

Install only after review. Use official APIs where possible, avoid the anti-bot/proxy guidance, do not scrape authenticated or personal data at scale without legal and platform approval, treat cookies and API tokens as secrets, and avoid Bear or Apple Notes export on untrusted scraped content until command construction is fixed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The document explicitly frames anti-bot avoidance as legitimate and says not to hide automation, but elsewhere provides operational guidance that enables concealment from platform detection. That contradiction makes the content dangerous because it can be directly used to evade anti-abuse controls while preserving plausible deniability in the surrounding text.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The file says users should not hide automated activity, yet it later instructs on techniques whose purpose is to reduce detectability of automation. In a scraping/automation context, that materially increases misuse potential by helping operators bypass platform defenses and terms-based controls.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
This is a real privacy/compliance issue: the script generates markdown digests containing raw `author` values and full `text` content from posts, despite the file’s own stated requirement to anonymize personal data. If the input contains personal data, usernames, handles, or sensitive post content, the digest becomes a secondary disclosure artifact that can be stored, shared, or retained more broadly than the source data.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill encourages exporting scraped social media data into third-party note apps and cloud services such as Notion, OneNote, and others, but the examples and surrounding guidance do not clearly warn that scraped content may contain personal data, copyrighted material, or platform-restricted information. This creates a real privacy and compliance risk because users may transfer collected data into additional processors or cloud environments without considering consent, retention, access controls, or cross-border disclosure.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This is a true issue: the document gives concrete anti-bot evasion guidance such as random delays, user-agent rotation, and residential proxies, but does not pair it with a specific warning about account bans, legal exposure, or platform-enforcement consequences. In a scraping-oriented skill, such advice materially lowers the barrier to abusive or policy-violating collection and can facilitate stealthier unauthorized access patterns.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
This is a true issue because the file recommends unofficial API wrappers and third-party scraping services without warning about credential theft, privacy leakage, data resale, or compliance risks. In practice, directing users toward unofficial intermediaries can expose tokens, scraped personal data, and operational metadata to unvetted providers, increasing both security and legal risk.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The cookie persistence example writes authentication/session cookies to disk without discussing encryption, file permissions, expiration, or theft risk. Stored session material can be reused by an attacker or another local process to hijack authenticated sessions, especially in shared or insecure environments.

Natural-Language Policy Violations

High
Confidence
99% confidence
Finding
This section gives concrete anti-bot evasion instructions including user-agent rotation, randomized delays, mouse movement simulation, and proxy rotation. These are standard stealth techniques for disguising automation, and including them in a skill materially lowers the barrier to abusive scraping and circumvention of platform enforcement.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script collects social-media post text, author identifiers, timestamps, engagement data, and URLs, then writes that data to local files and a deduplication database without any runtime notice, consent checkpoint, retention control, or minimization. In an agent/skill context, this enables quiet bulk collection and persistence of personal data, increasing privacy, compliance, and misuse risk even if the stated purpose is research.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal