AI Data Scraper

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward data-scraping skill with some broken implementation details and missing responsible-use guidance, but no evidence of hidden, destructive, or deceptive behavior.

Before installing, review the script and use it only on sites or APIs you are authorized to access. Pass trusted URLs, keep scraping frequency conservative, avoid collecting sensitive personal data unless you have a lawful basis, and do not rely on the advertised proxy, retry, or scheduling features without fixing or replacing the current script.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: This skill advertises web scraping, API extraction, proxy use, and scheduled monitoring without any warning about authorization, privacy, rate limits, terms-of-service, or operational impact. That omission can lead users to deploy the skill against third-party systems or personal data in ways that create legal, privacy, and service-abuse risk, especially because the examples normalize repeated automated collection.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal