ClawHub

Crawl4ai

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate web-scraping helper, but it needs Review because it includes anti-bot bypass advice and an unrelated GitHub login instruction.

Install only if you need browser-based web scraping. Use it only on sites and pages you are authorized to access, avoid the Cloudflare/proxy bypass guidance, do not run gh auth login for this skill unless a separate GitHub task requires it, and treat screenshots, saved HTML, and extracted data as potentially sensitive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases are broad enough to match many ordinary requests like getting data from a URL or parsing HTML, which can cause the scraping skill to activate when a safer or more limited capability would suffice. In agent workflows, ambiguous invocation expands the chance of unnecessary external network access, over-collection of data, and execution of more invasive scraping features such as JavaScript rendering or screenshots.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The description omits a clear warning that the skill performs external network requests and may capture screenshots or collect structured content from third-party pages. That missing disclosure is dangerous because users may not realize the skill can transmit requests off-system, process potentially sensitive page data, and store artifacts, especially in contexts involving internal URLs, authenticated sessions, or personal data.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The guidance explicitly recommends changing user-agents and using residential proxies to get around Cloudflare bot detection, which normalizes anti-detection evasion rather than compliant troubleshooting. In a web-scraping skill, this is materially risky because users may apply it to bypass access controls, violate site terms, or conceal abusive scraping activity without any warning about legal, ethical, or account consequences.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The prompt examples are broad enough to encourage unrestricted site-wide scraping requests without requiring the user to specify ownership, authorization, target scope, or rate limits. In an agent skill, this can normalize indiscriminate collection from third-party sites and increase the chance of privacy violations, terms-of-service abuse, or high-impact scraping against unintended targets.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The examples document multiple scraping patterns, including pagination, dynamic content, and broad extraction, but provide no warnings about authorization, privacy, personal data handling, or operational impact on target sites. In this context, the omission is risky because the skill is explicitly designed to be invoked by an agent, so examples strongly shape behavior and may lead users or downstream agents to perform abusive or non-compliant scraping by default.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script loads attacker-controlled local HTML into a headless browser/crawler via a file:// URL, which can cause active page content such as JavaScript, subresource requests, or browser parsing side effects to execute during extraction. In a scraping skill, this is more dangerous because users may process untrusted HTML at scale, enabling unintended outbound network requests, local file context exposure, or browser-engine attack surface exposure without any warning or sandbox controls.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal