Grok Scraper

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it uses a persisted logged-in X/Grok browser session and retains broad local artifacts with limited safety disclosure, so users should review it carefully before installing.

Install only if you are comfortable using your own logged-in X Premium session for automation. Do not use this on shared machines, do not submit sensitive prompts, protect or delete the session and output directories when finished, avoid cron unless you understand the account risk, and confirm that this use complies with X/Grok terms for your situation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Rogue AgentSelf-Modification, Session Persistence
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (14)

Context-Inappropriate Capability

High

Confidence: 98% confidence
Finding: The README explicitly markets the skill as a way to avoid official API access controls and billing by automating the web interface. That creates legal, account-security, and platform-abuse risk, and encourages use outside supported access patterns, which can lead to account suspension or misuse of authenticated sessions.

Context-Inappropriate Capability

Medium

Confidence: 93% confidence
Finding: The optional recording feature captures the full authenticated browser session, not just the Grok response. That can expose unrelated page content, account information, prompts, cookies-adjacent session activity visible in the UI, or other sensitive data if the recording is stored, shared, or exfiltrated.

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The script saves full-page screenshots and detailed DOM debug data that are broader than the task of retrieving a Grok answer. These artifacts can contain sensitive account state, unrelated content, selectors, and page text metadata, increasing the privacy and data-retention risk surface.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The documentation instructs users to log into x.com and persist browser session data and scraped outputs, but does not clearly explain the privacy and security implications of storing authenticated session state and potentially sensitive prompts/results on disk. In this context, the omission is more dangerous because the skill operates under a real user account and automates access to a third-party service.

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The README instructs users to log into x.com and persist a browser session locally, but it does not clearly warn that session artifacts may contain sensitive authentication material and browsing data. In a skill built around browser automation and scraping, unclear disclosure increases the risk of credential/session theft, unintended data retention, and unsafe deployment on shared systems.

Natural-Language Policy Violations

Medium

Confidence: 90% confidence
Finding: The README explicitly markets the tool as a way to bypass API limits and avoid API billing by automating the web interface. That framing encourages use patterns likely to violate platform terms, evade intended controls, and expose users or organizations to account restriction, legal/compliance issues, and abuse of stored authenticated sessions.

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The invocation guidance is broad enough that an agent may select this skill for routine requests to 'ask Grok' or search for current information, even when the user did not explicitly consent to using their logged-in X browser session. Because this skill drives a real authenticated account and browser automation, over-triggering can cause unintended account actions, privacy exposure, and use of a paid/account-bound resource in contexts where safer alternatives exist.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill does not prominently warn that prompts and retrieved data are sent through the user's authenticated x.com session tied to an X Premium account. Without an explicit warning, users and orchestrating agents may not understand that queries are being performed as the logged-in user, which creates meaningful privacy, consent, and account-risk concerns if sensitive prompts are submitted or activity is attributed to that account.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The script automatically opens an authenticated X/Grok session, submits a prompt to an external service, and captures resulting page content without any consent gate, warning, or data-minimization controls. In the context of a browser automation skill specifically designed to use Grok through a persisted session, this can unintentionally transmit user data and collect account-associated content from a live session.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The script extracts broad DOM text and simplified HTML from a live authenticated page, saves a screenshot, logs content previews to stdout, and writes DOM data to local files. On a logged-in X/Grok page, this may capture sensitive account data, conversation history, recommendations, or other incidental private content beyond the intended response, making the data-exposure risk more serious in this skill context.

Missing User Warnings

Medium

Confidence: 86% confidence
Finding: The script captures and writes the full Grok reply HTML from a live authenticated session to disk, which can include sensitive or unexpected content beyond the intended debugging metadata. Persisting raw page-derived HTML increases the risk of local data exposure, accidental sharing, or downstream unsafe handling if other tools later open or process the saved file.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The script launches a persistent Playwright browser context in a local session directory, which stores authenticated browser state such as cookies and other session artifacts on disk after a manual login to x.com. In the context of a skill explicitly designed to access Grok/X without an API key, this materially increases the risk of account/session theft or unintended reuse if the session directory is exposed, copied, committed, or left on a shared system; the current console messaging says the session will be saved, but does not clearly warn that sensitive login state will persist locally.

Missing User Warnings

Medium

Confidence: 83% confidence
Finding: The tool transmits user-supplied prompts to a third-party service using an authenticated browser session without clear privacy disclosure or consent at runtime. In this skill context, users may provide sensitive requests while assuming a local automation tool, making undisclosed third-party transmission materially risky.

Session Persistence

Medium

Category: Rogue Agent
Content: ### 3. Scheduled Execution (Cron) ```bash crontab -e ``` Add a line to run every 6 hours: ```
Confidence: 78% confidence
Finding: crontab -e

VirusTotal

38/38 vendors flagged this skill as clean.

View on VirusTotal