Alvis Web Scrape

Security checks across malware telemetry and agentic risk

Overview

This scraping guidance skill is coherent and purpose-aligned, but users should be careful about sending URLs and extracted content to the third-party SkillBoss API.

Install only if you are comfortable using SkillBoss API Hub for managed scraping. Use it for public, authorized pages, follow robots.txt and site terms, avoid protected or personal data, and do not use anti-bot handling to bypass access controls or explicit scraping prohibitions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill recommends using a managed third-party scraping API but does not explicitly warn that target URLs, page contents, and potentially personal data may be transmitted to SkillBoss infrastructure. In a scraping context, this omission can lead users to unknowingly export regulated or sensitive data to an external processor, creating privacy, confidentiality, and compliance risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal