Web Fetcher

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed web article and video downloader, with sensitive cookie-based modes that users should enable only deliberately.

Install only if you want a local downloader that can fetch webpages, images, and videos. Use a dedicated output directory, avoid untrusted URLs, and use `--cookies-browser`, Feishu authenticated fetching, or anti-bot browser modes only for accounts and content you are authorized to access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Missing User Warnings

Medium, 75% confidence
Finding
The README explicitly advertises browser-cookie usage and authenticated fetching, which can grant the tool access to session-bound or private content from the user's logged-in browser context. While this is a legitimate feature for fetching protected pages, the documentation provides no warning that using browser cookies exposes privacy-sensitive authentication material and may cause the tool to access data beyond public content.

Vague Triggers

Medium, 90% confidence
Finding
The trigger phrases are broad and overlap with common user intents such as fetching a URL, downloading a webpage, or saving article content. This increases the chance of accidental activation, causing the skill to retrieve remote content or save files locally in contexts where the user did not intend to invoke a network-capable fetcher.

Missing User Warnings

Medium, 95% confidence
Finding
The documentation mentions authenticated fetches and browser-cookie usage in troubleshooting and options, but it does not prominently warn that the skill may access logged-in session cookies and save authenticated remote content to disk. In this context, that omission is risky because the skill targets platforms like Feishu and premium video sites where fetched content may be private or account-scoped.

Missing User Warnings

Medium, 88% confidence
Finding
The skill exposes a flag to extract cookies from a local browser profile and passes that value downstream without any user-facing warning, consent prompt, or restriction. In an agent skill that fetches remote content, this can quietly leverage a user's authenticated browser session to access private resources, creating privacy and credential-handling risk even if the primary goal is content retrieval.

Missing User Warnings

Medium, 93% confidence
Finding
The code enumerates all `img[src]` values from the loaded document and fetches them in the browser context with credentials included, which can trigger authenticated requests to attacker-controlled or unexpected origins if the document embeds hostile image URLs. In a web-fetching skill, this is more dangerous because the input URL and document content are untrusted, so the fetcher may leak session context, act as a cross-origin request gadget, or perform unintended authenticated network access during scraping.

Missing User Warnings

Medium, 93% confidence
Finding
The function accepts a `cookies_browser` parameter and passes it to yt-dlp's `--cookies-from-browser` option without any user-facing warning, consent flow, or scope restriction. This can cause extraction of authenticated browser cookies and use them against third-party sites, exposing private account data or enabling unauthorized access to subscription- or account-gated content.

VirusTotal

64/64 vendors flagged this skill as clean.
