ClawHub

Web Reader

Security checks across malware telemetry and agentic risk

Overview

This web archiver mostly does what it says, but it can use logged-in browser sessions and stealth browsing to download and save content, so users should review it carefully before installing.

Install only if you are comfortable with the agent fetching URLs, running scraping/video tools, and saving archives locally. Use a dedicated browser profile if cookies are needed, avoid private or premium content unless you have permission, set the archive directory deliberately, and prefer explicit confirmation before authenticated or anti-detection fetches.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (11)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill clearly performs file reads/writes, network access, and shell command execution, but it does not declare permissions or present explicit consent boundaries. This makes the skill harder to audit and increases the chance it will be invoked with capabilities the user did not expect, especially because it archives content to local paths and runs external tools.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The function accepts a cookies_browser parameter and passes it to yt-dlp's --cookies-from-browser option, enabling extraction of browser cookies for authenticated sessions. In a web-reader/download skill, this materially expands privilege from public-content fetching to access using the operator's logged-in browser state, which can expose private or paid content and sensitive session data pathways.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger list contains broad everyday phrases such as '摘要', '总结文章', and 'summarize', which can accidentally match unrelated user intent and auto-route into a skill that downloads remote content and writes files. In this context, overbroad invocation is more dangerous because the skill has network, shell, and filesystem side effects rather than being read-only.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The workflow instructs the agent to first download and archive content to a configured local directory, but the description does not clearly warn that local files will be created and where they may be stored. This is risky because users may think they are asking for analysis only, while the skill performs persistent writes to potentially sensitive directories such as synced or shared storage.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill supports using browser cookies or authenticated browser context to access restricted content, but the description does not clearly warn that it may operate with the user's logged-in session. In context, this materially increases risk because the skill fetches remote content, may access private documents or subscription content, and could process data the user did not intend to expose through the agent.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The function performs network fetches and writes retrieved content and downloaded images to disk automatically, but there is no explicit consent, destination confirmation, or warning about these side effects. In an agent skill context, this can surprise users, persist untrusted remote content locally, and be abused to fetch attacker-controlled URLs or store harmful/undesired material.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This code uses camoufox specifically for anti-detection browsing of user-supplied URLs without an explicit warning or consent gate. In an agent setting, stealth browsing materially increases risk because it can access attacker-controlled pages with a full browser engine, trigger additional network activity, and obscure the nature of the action from the user.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The code fetches every discovered image URL from the rendered Feishu document using browser-side `fetch(url, {credentials: 'include'})`, which automatically attaches the user's authenticated session cookies. That means opening an attacker-controlled or unexpected Feishu document can trigger authenticated requests for embedded resources without an explicit user warning or consent, potentially disclosing protected content into local archives and expanding the trust boundary from 'view document' to 'download session-backed assets'.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The code can access browser-backed authentication material without any user-facing warning, confirmation, or explanation of what data will be used. That creates a consent and transparency failure: a user may believe the skill only downloads a public video, while it actually leverages their local authenticated browser session.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documentation explicitly instructs operators to use `--cookies-browser chrome` to access premium Bilibili content, which can import authenticated browser cookies into a download workflow. That creates credential and privacy risk because it encourages reuse of sensitive session material without any warning, consent flow, scope limitation, or guidance on safe handling.

Natural-Language Policy Violations

Low
Confidence
78% confidence
Finding
The skill recommends camoufox for anti-fingerprint browsing to bypass platform anti-bot controls, but provides no justification, policy boundary, or user opt-in language. In a web-fetching skill, this increases abuse potential by normalizing stealthy access patterns that may evade platform protections and facilitate scraping beyond what a user expects.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal