Back to skill

Security audit

Crawl4ai

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate web-scraping skill, but it needs review because its docs include anti-bot bypass advice and an unrelated GitHub login instruction alongside broad scraping capabilities.

Install only if you need browser-based scraping. Use it only on sites and pages you are authorized to access, avoid the Cloudflare proxy/user-agent bypass guidance, do not run `gh auth login` for this skill unless you have a separate GitHub task, and avoid saving screenshots or HTML from private or authenticated pages unless you intend to retain that sensitive data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill advertises and demonstrates network access plus likely file read/write behavior through scraping scripts and output handling, but it declares no permissions in the metadata. This creates a transparency and policy-enforcement gap: users or orchestrators may invoke a capability-rich skill without clear consent boundaries, increasing the risk of unintended data access or exfiltration.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The description explains scraping functionality but does not clearly warn that user-supplied URLs will be contacted and that page content will be retrieved from external sites. In an agent setting, this omission can mislead users about outbound data flow and may cause them to submit sensitive internal URLs or content without realizing it will be transmitted externally.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The examples encourage screenshot capture, structured extraction, and dynamic-page scraping without warning that these operations may collect personal, confidential, or regulated data visible on the target page. Because screenshots and bulk extraction preserve more context than minimal text scraping, they can materially increase privacy exposure if users aim the skill at sensitive pages.

Missing User Warnings

Low
Confidence
87% confidence
Finding
The documentation recommends writing scraped HTML directly to a local file for debugging without warning that page content may contain sensitive data such as session-specific information, personal data, or proprietary content. In a web-scraping skill, this increases the chance that operators persist sensitive material to disk where it may be retained, exposed to other users/processes, or accidentally committed to source control.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The examples promote broad web scraping, dynamic-content execution, pagination, link extraction, structured-data harvesting, and screenshot capture without any guidance on authorization, privacy, robots/terms compliance, sensitive-data handling, or rate limiting. In an agent skill context, these examples can normalize collecting third-party site content and visual captures at scale, increasing the chance of misuse or accidental collection of personal, confidential, or copyrighted data.

Missing User Warnings

Low
Confidence
80% confidence
Finding
The script writes directly to the user-supplied output path with no existence check or confirmation, so an operator can accidentally overwrite an existing file. In this skill context, the danger is limited because the path is explicitly provided by the caller, but it can still cause destructive loss of local data or clobber important files during automation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.