Web Clipper

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a URL clipping tool, but its trigger is broad and it can send clipped URLs and page content to an external reader service without a clear user-consent boundary.

Install only if you are comfortable sending URLs and extracted page content to an external reader API. Avoid using it on private, internal, authenticated, personal, or confidential pages unless the skill is updated to require explicit confirmation and clearly disclose the third-party data flow.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger rule is overly broad because it activates on "any URL with 'save' or 'clip'" and instructs the agent to ALWAYS execute the script. This increases the chance of unintended invocation and external network requests, which can cause accidental data handling or clipping of URLs the user did not clearly intend to save.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill states it uses the Jina Reader API for extraction but does not prominently warn users that requested URLs and fetched page content may be transmitted to a third-party external service. This creates a privacy and data-governance risk, especially if users clip internal, sensitive, or personal pages without realizing the content leaves the local environment.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal