hn-crawler

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed web-crawling and summarization skill with ordinary local outputs, though users should confirm the target URL and dependency versions before running it.

Install it in an isolated Python environment, review or pin dependency versions if reproducibility matters, and only run it against URLs you explicitly intend to crawl. Generated files contain web-derived content, so treat summaries and links as untrusted information rather than instructions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (8)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill metadata says it is intended to crawl hn.aimaker.dev, but the implementation accepts an arbitrary URL from CLI arguments or environment variables. In an agent setting, this broadens the trust boundary and can enable unintended outbound requests, including access to internal services or attacker-controlled endpoints, which is a real security issue if callers assume the skill is domain-restricted.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill is described as targeting hn.aimaker.dev, but the CLI accepts an arbitrary --url or TARGET_URL value. In an agent setting, this broadens the skill into a generic web fetcher and can enable unintended access to internal services, localhost, or other off-scope endpoints if upstream crawl logic follows this parameter.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The description says the skill should be invoked not only for hn.aimaker.dev but also to 'process web content through the full pipeline,' which is an overly broad trigger. That wording can cause the agent to apply a network-capable crawling pipeline to arbitrary user-supplied URLs or generic web tasks, expanding scope beyond the named site and increasing risk of unintended fetching, mishandling sensitive URLs, or abuse of the skill as a general crawler.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The markdown explains a multi-stage crawl/extract/organize/summarize workflow that performs outbound network access and writes several artifacts to disk, but it does not present a clear upfront warning to users about those side effects. Without prominent disclosure, users may invoke the skill expecting passive analysis while the agent actually downloads remote content, installs dependencies, and creates multiple local files.

Unpinned Dependencies

Low
Category
Supply Chain
Content
# HN Crawler Skill dependencies

# HTTP requests
requests>=2.31.0
urllib3>=2.0.0

# HTML parsing
Confidence
92% confidence
Finding
requests>=2.31.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
# HTTP requests
requests>=2.31.0
urllib3>=2.0.0

# HTML parsing
beautifulsoup4>=4.12.0
Confidence
92% confidence
Finding
urllib3>=2.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
urllib3>=2.0.0

# HTML parsing
beautifulsoup4>=4.12.0
lxml>=4.9.0

# Data processing
Confidence
89% confidence
Finding
beautifulsoup4>=4.12.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
# HTML parsing
beautifulsoup4>=4.12.0
lxml>=4.9.0

# Data processing
# (uses the Python standard library)
Confidence
93% confidence
Finding
lxml>=4.9.0

VirusTotal

66/66 vendors flagged this skill as clean.
