Media Crawler

Security checks across malware telemetry and agentic risk

Overview

This is a coherent MediaCrawler helper, but installation runs broad unverified setup code and the crawler may retain login/session and collected data without clear cleanup guidance.

Review the setup script and upstream repository before installing, and prefer running it in a container or isolated account. Expect it to download and execute external code, install dependencies and a browser, modify $HOME/MediaCrawler, and retain collected results and possibly login/session state until you manually remove them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 90% confidence
Finding: The skill invokes shell commands (`bash scripts/setup.sh`, `bash scripts/show_results.sh`) and other executable commands (`uv run ...`) but does not declare any permissions or clearly signal that shell execution is required. This creates a trust and safety gap: an agent or user may execute installation or helper scripts without an explicit permission boundary, increasing the risk of unintended code execution if those scripts are modified or malicious.

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The README explicitly states that setup will auto-install tools, clone or update a repository, sync dependencies, install a browser, and perform a health check, but it does not clearly warn users that these actions modify the local system, network state, and filesystem. In a security-sensitive agent/skill context, this can lead users to run impactful commands without informed consent, increasing the risk of unintended software installation or execution of newly pulled code from an external repository.

Missing User Warnings

Medium

Confidence: 86% confidence
Finding: The skill advertises login-state caching and persistent storage of scraped results across multiple formats, but it does not provide a prominent warning about sensitive session data, local artifact retention, or privacy/legal risks from collecting public-platform data at scale. Users may unknowingly retain authentication material or scraped personal data on disk, which can later be exposed, misused, or mishandled.

Missing User Warnings

Medium

Confidence: 98% confidence
Finding: The script downloads and immediately executes a remote installer with `curl ... | sh`, giving the remote server full code execution on the host during setup. This is dangerous because any compromise of the upstream domain, network path, or installer content would execute arbitrary shell commands without integrity verification or meaningful user confirmation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal