test_skill

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed web crawler that installs normal crawler dependencies, fetches user-selected sites, and saves scraped text and images locally, with some operational caveats.

Install in a virtual environment, review dependencies before running pip, and do not pass alternate package indexes or other pip flags unless you intend them. Use a controlled output directory, low --max-pages and --depth values, adequate --delay, and do not rely on this version to enforce robots.txt automatically.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

subprocess module call

Medium
Category: Dangerous Code Execution
Content:
    if extra_args:
        cmd.extend(extra_args)

    subprocess.check_call(cmd)

def main():
    parser = argparse.ArgumentParser(description="Install dependencies for BBC Crawler MaxClaw")
Confidence: 92%
Finding: subprocess.check_call(cmd)

Intent-Code Divergence

Medium
Confidence: 96%
Finding: The configuration exposes a `respect_robots` safety control, but the crawler never parses or enforces robots.txt before fetching pages or downloading images. This can cause the tool to access paths site owners explicitly disallow, creating compliance, legal, and operational risk and making the behavior more dangerous because users may falsely assume the safeguard is active.

Missing User Warnings

Medium
Confidence: 89%
Finding: The skill explicitly describes local image archiving and hierarchical storage, but it does not clearly warn users that running the crawler will download potentially large amounts of remote content and write files to local disk. In an agent setting, this omission can cause unintended disk usage, storage of untrusted content, and privacy/compliance issues if users assume the skill is read-only or non-persistent.

VirusTotal

66/66 vendors flagged this skill as clean.