
Security audit

Web Fetcher

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward web-fetching helper, but URLs may be sent to named third-party readability services.

Use this skill for public pages or URLs you are comfortable sharing with the listed readability services. Avoid private documents, presigned links, intranet or localhost URLs, account pages, and sensitive query parameters unless you intentionally want the agent and those third-party services to process them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 90%
Finding
The skill explicitly instructs the agent to fetch arbitrary external URLs using multiple network-based services and browser fallbacks, but the metadata shown does not declare corresponding permissions. That mismatch is a real security issue because it obscures the skill's effective capabilities, weakening policy enforcement, user consent, and review controls around outbound network access and data exfiltration paths.

Missing User Warnings

Medium
Confidence: 95%
Finding
The script sends the user-provided destination URL to third-party services (r.jina.ai, markdown.new, defuddle.md) without any consent, warning, or allowlisting. This can leak sensitive URLs, query parameters, internal endpoints, or private document locations to external operators, which is especially risky in a web-fetching skill that may be used on arbitrary user-supplied targets.

VirusTotal

66/66 vendors flagged this skill as clean.
