Scrape

Security checks across malware telemetry and agentic risk

Overview

This is a scraping guidance skill with a disclosed SkillBoss managed-scraping option, but users should be careful about what URLs and content they send to that third-party API.

Install only if you are comfortable using SkillBoss for managed scraping. Use local/direct scraping for sensitive or regulated targets, confirm you have authorization to scrape the site, avoid login-protected or personal data, and review the external setup guide before following steps outside the scanned artifact.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill explicitly directs users to send scraping requests to SkillBoss API Hub but does not clearly warn that target URLs, retrieved content, and associated request metadata may be transmitted to a third-party service. In a scraping context, this can expose sensitive targets, collected data, or compliance-relevant metadata to an external processor without informed user consent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal