Security audit

Crawler

Security checks across malware telemetry and agentic risk

Overview

This skill is a reference-only web crawling guide, but it includes dual-use anti-bot and proxy advice that should be used only for authorized crawling.

Install only if you need a scraping reference. Prefer official APIs, follow robots.txt and site terms, identify your crawler honestly, rate-limit requests, and do not use the anti-detection, CAPTCHA-solving, residential proxy, fingerprint, or cookie/session rotation advice to bypass a site's controls.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (5)

Description-Behavior Mismatch

Medium

Confidence: 95% confidence
Finding: This section goes beyond neutral reference material and provides actionable anti-bot evasion guidance, including use of real browsers, curl_cffi, rotating proxies, and CAPTCHA-solving services. In a skill framed as a web crawling reference, that materially lowers the barrier to bypassing website defenses and can facilitate unauthorized scraping or policy evasion.

Description-Behavior Mismatch

Medium

Confidence: 98% confidence
Finding: The proxy rotation section explicitly recommends anti-detect measures such as rotating IPs, User-Agents, headers, and TLS fingerprints. Those are concrete evasion tactics intended to defeat bot detection and access controls, which makes the skill more dangerous than a purely educational reference.

Description-Behavior Mismatch

Medium

Confidence: 96% confidence
Finding: The FAQ directly answers how to avoid getting blocked with step-by-step evasion tactics, including rotating user agents, using residential proxies, matching browser fingerprints, handling CAPTCHAs, and rotating sessions. That is operational misuse-enabling content, not merely descriptive background, and it can be readily applied to circumvent anti-abuse controls.

Natural-Language Policy Violations

Medium

Confidence: 99% confidence
Finding: The line explicitly promotes anti-detect techniques to evade bot defenses by rotating identifiers and fingerprints. This is dangerous because it provides a concise recipe for disguising automated scraping activity and bypassing detection systems intended to protect services.

Natural-Language Policy Violations

Medium

Confidence: 98% confidence
Finding: This FAQ answer gives practical instructions for defeating blocking controls rather than encouraging lawful, transparent crawling. The combination of proxy use, fingerprint matching, CAPTCHA handling, and cookie/session rotation materially assists evasion of anti-bot protections.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal