HARPA AI

Security checks across malware telemetry and agentic risk

Overview

This skill is a legitimate HARPA browser-automation helper, but it can act through logged-in browser sessions and send page results or AI context to external services with broad user-controlled scope.

Install only if you trust HARPA AI and intend to let it automate a browser profile. Prefer a dedicated browser profile or node with minimal logged-in accounts, approve each target URL, action, AI connection, node selection, and webhook destination, and avoid using {{page}}, wildcard nodes, or long-lived webhooks on confidential pages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly promotes scraping and AI prompting against live browser sessions and notes that behind-login pages work because HARPA uses the user's cookies and authenticated state, yet it does not clearly warn that page contents and potentially sensitive authenticated data are transmitted to a third-party API. This creates a meaningful privacy and data-exfiltration risk, especially when users may apply the skill to internal apps, email, dashboards, or other sensitive sites.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The webhook feature allows results to be posted to an arbitrary endpoint and states that the action may remain alive for up to 30 days, but it lacks a strong warning that extracted results may be sent to third-party infrastructure and retained. If users scrape sensitive pages or AI outputs containing secrets, this can cause unintended disclosure well beyond the original HARPA service boundary.

External Transmission

Medium
Category
Data Exfiltration
Content
Execute one of 100+ built-in HARPA commands or a custom automation on a target page.

```bash
curl -s -X POST https://api.harpa.ai/api/v1/grid \
  -H "Authorization: Bearer $HARPA_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence
83% confidence
Finding
https://api.harpa.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
Send a custom AI prompt with page context. Use `{{page}}` to inject the page content.

```bash
curl -s -X POST https://api.harpa.ai/api/v1/grid \
  -H "Authorization: Bearer $HARPA_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence
96% confidence
Finding
https://api.harpa.ai/

VirusTotal

64/64 vendors flagged this skill as clean.
