Scrapling MCP

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed advanced web-scraping skill whose anti-bot and local execution examples are risky if misused but fit the stated purpose.

Install only if you need advanced scraping automation and trust the Scrapling dependency chain. Use it only on sites you own or are authorized to scrape, avoid bypassing paywalls or access controls, pin dependencies in a virtual environment, set rate limits, and review any examples that write or delete local files before running them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 89%
Finding:
The skill presents itself as guidance, but it embeds executable commands and code paths that enable arbitrary outbound network access to user-supplied URLs without any declared permission boundary. In an agent setting, undeclared network capability is risky because it can be invoked implicitly, expanding the skill’s real authority beyond what operators may expect.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 96%
Finding:
This is a true capability mismatch: the skill claims to be an MCP-native guidance layer, yet the content includes direct local Scrapling usage, live scraping workflows, and references to scripts that perform network fetches and content inspection. Such mismatch is dangerous because users and policy systems may trust the declared purpose while the actual material facilitates broader data collection, anti-bot evasion, and execution outside the intended MCP control path.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The document provides concrete anti-bot bypass patterns, proxy rotation, Cloudflare-solving guidance, and credentialed login scraping examples, while the safety notes are brief and not proportionate to the misuse risk. In context, this materially lowers the barrier to evading site protections and scraping authenticated or protected content, which can facilitate privacy violations, unauthorized access, or abusive automation.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The documentation explicitly promotes 'stealthy' fetching with 'Cloudflare bypass' and provides runnable examples for anti-bot evasion without any warning about authorization, terms-of-service, privacy, or legal constraints. In an MCP skill intended to guide agent behavior, this lowers the barrier to misuse for unauthorized scraping and bot-detection circumvention, making the content operationally risky even though it is framed as setup guidance rather than an exploit.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The media downloader example writes remote content directly to a local path, but the recipe does not warn users that running it will create files on disk. In a scraping skill, local file creation is expected behavior, but the lack of disclosure and safeguards increases the chance of unintended storage use, overwrites in reused directories, or saving untrusted content from arbitrary URLs.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The checkpoint reset example performs a recursive directory deletion with shutil.rmtree("./crawl_checkpoint") without an explicit warning that this is destructive. Even though the path is hardcoded in the example, users may adapt the pattern to other paths, and destructive deletion examples in agent skills are risky when copied into automation workflows.

VirusTotal

65/65 vendors flagged this skill as clean.
