Crawlee Web Scraper

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed web-scraping skill, but it ships with a fallback built to bypass bot-blocking protections and has no clear target limits or authorization safeguards.

Install only if you have a legitimate, authorized scraping use case. Use an isolated environment, pin dependencies, limit targets to approved domains, avoid passing sensitive headers or internal URLs, and do not use it to bypass sites that prohibit automated access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 92%

Finding: The skill exposes significant capabilities (network access, shell execution, and file read/write) yet does not declare any permissions or constraints. This creates a transparency and governance gap: users or orchestrators may invoke the skill without understanding its ability to access local files, write output, or run commands, which increases the risk of misuse or unintended data exposure.

Natural-Language Policy Violations

Severity: Medium
Confidence: 95%

Finding: The file description explicitly markets the skill for 'bot-detection evasion' and for using Crawlee when normal access is blocked, which encourages bypassing site protections. In an agent skill context, that increases the likelihood of unauthorized scraping, policy violations, and use against targets that have already signaled that access should be restricted.

Missing User Warnings

Severity: Medium
Confidence: 72%

Finding: This helper automatically sends caller-provided URLs and optional headers over the network and silently retries via a second mechanism designed to evade blocking. In an agent setting, that can cause unintended disclosure of sensitive URLs, tokens in headers, or access to internal resources without clear user awareness or consent.

Missing User Warnings

Severity: Medium
Confidence: 82%

Finding: The code automatically launches a secondary scraper specifically for bot-detection evasion when the initial request is blocked. In a security-sensitive agent environment, automatically switching to evasive behavior increases legal, policy, and misuse risk and may bypass operator expectations about how network access is performed.

VirusTotal

65/65 vendors flagged this skill as clean.
