Back to skill

Security audit

Scrapling MCP

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed web-scraping guidance skill with powerful anti-bot features that should only be used on authorized sites.

Install it in a virtual environment, verify the Scrapling package source, and use stealth, proxy, Cloudflare-solving, login, and crawling features only for sites you own or have explicit permission to scrape. Keep crawl outputs and checkpoints in a known project directory, and do not copy the checkpoint deletion snippet unless you have verified the exact path.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The skill claims to be an MCP-native guidance layer, but it embeds direct local execution patterns for scraping, stealth fetching, proxy rotation, login automation, fingerprint impersonation, and optional Cloudflare/Turnstile solving. This mismatch is dangerous because it can bypass expected MCP governance, logging, and permission boundaries, while also enabling anti-bot evasion and scraping of protected resources under the guise of harmless guidance.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation exposes web-fetching, browser automation, crawling, and explicit anti-bot/Cloudflare-bypass functionality without any guardrails, authorization guidance, or warnings about legal, privacy, and abuse risks. In an MCP skill context, this lowers friction for misuse by agents or users who may scrape protected targets, evade defenses, or collect data at scale without understanding constraints.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The recipe includes a destructive filesystem operation, `shutil.rmtree("./crawl_checkpoint")`, as a normal reset step without any warning, confirmation, or safer alternative. In an agent skill context, users may copy or adapt this snippet directly, and recursive deletion can remove important data if the path is modified, misresolved, or reused unsafely.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
# To reset and start fresh:
import shutil
shutil.rmtree("./crawl_checkpoint")
spider.start()
```
Confidence
97% confidence
Finding
shutil.rmtree("./

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal