E-commerce Data Scraper Pro

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward web/API scraping skill whose network access, file output, and optional auth use match its stated purpose, with ordinary setup and dependency hygiene cautions.

Install in a virtual environment, review the small script before use, and only point it at sites or APIs you are authorized to access. Avoid passing long-lived secrets on the command line because shell history may retain them, and pin or lock dependencies if you need reproducible production use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
97% confidence
Finding
The skill documentation describes capabilities that imply local file access, file creation, and outbound network access, but the skill does not declare permissions or clearly surface those capabilities in a structured way. This can mislead users and the hosting platform about the tool's real authority, reducing informed consent and weakening security review.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill supports scraping remote sites and APIs, using proxies, scheduled collection, and writing results to files, but it does not clearly warn that data will be transmitted to third-party endpoints and persisted locally. In practice, users may unintentionally send sensitive tokens or scrape sensitive content and store it insecurely, especially in batch or automated runs.

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Data Scraper dependencies

# HTTP requests
requests>=2.28.0

# HTML parsing
beautifulsoup4>=4.11.0
Confidence
94% confidence
Finding
requests>=2.28.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28.0

# HTML parsing
beautifulsoup4>=4.11.0

# Excel output (optional)
openpyxl>=3.0.0
Confidence
90% confidence
Finding
beautifulsoup4>=4.11.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
beautifulsoup4>=4.11.0

# Excel output (optional)
openpyxl>=3.0.0

# Data processing (optional)
pandas>=1.5.0
Confidence
93% confidence
Finding
openpyxl>=3.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
openpyxl>=3.0.0

# Data processing (optional)
pandas>=1.5.0

# JavaScript rendering support (optional, advanced feature)
# playwright>=1.30.0
Confidence
90% confidence
Finding
pandas>=1.5.0

VirusTotal

66/66 vendors flagged this skill as clean.
