ClawHub

Agresource

Security checks across malware telemetry and agentic risk

Overview

This scraper mostly matches its stated purpose, but it includes embedded AgResource login credentials that could be used without the installer realizing.

Review before installing. Do not run this skill until the embedded credentials are removed and rotated, and require your own AGRESOURCE_EMAIL and AGRESOURCE_PASSWORD. Also verify the Playwright dependency source, confirm any cron schedule and Telegram destination, and understand that paid newsletter-derived content may be stored locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The file embeds real-looking fallback credentials and automatically uses them to log into a remote third-party account. Hardcoded secrets in source code are inherently unsafe because anyone with code access can recover and reuse them, and this scraper then accesses authenticated content and stores the results locally, increasing the chance of unauthorized account use and data exposure.

Intent-Code Divergence

Medium
Confidence
85% confidence
Finding
The code comments imply only a summary will be saved, but the implementation also writes full newsletter text and raw content to disk. This discrepancy is dangerous because it expands data retention beyond what a reviewer or user would expect, potentially storing copyrighted, sensitive, or account-only material in a local directory without clear notice or controls.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill sends newsletter-derived summaries and sales advice to Telegram without clearly warning users that scraped content may be transmitted to a third-party messaging service. This can expose proprietary, subscription-only, or otherwise sensitive newsletter-derived information outside the local environment, increasing the risk of unintended disclosure.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill persistently stores scraped newsletter summaries, optional full content, and sentiment history under a user home directory without prominently warning about local retention. If the host is shared, backed up, synced, or otherwise accessible, this creates a confidentiality risk for proprietary newsletter content and derived trading intelligence.

Missing User Warnings

High
Confidence
99% confidence
Finding
Using hardcoded fallback credentials for automated login means the script will silently transmit embedded secrets to a remote service whenever environment variables are not set. In skill context, this is especially risky because an agent may run the script unattended, causing covert account access with credentials the operator did not knowingly provide.

Missing User Warnings

High
Confidence
99% confidence
Finding
The code embeds real-looking fallback credentials directly in source, which exposes secrets to anyone with file access and risks unauthorized access to the remote AgResource account. Because the script will silently use these values when environment variables are absent, it can also cause accidental use of a shared or personal account without operator awareness.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The scraper stores full-page screenshots and substantial newsletter content under a user home-directory path, creating a local cache of potentially sensitive proprietary data. If the machine is shared, backed up externally, or later compromised, this persistent storage increases the exposure window and may leak account-specific or licensed content.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal