Yandex Archive Scraper

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about scraping Yandex.Archive, but it is explicitly built to bypass bot protection and gives users little guidance about authorization or terms-of-service risk.

Install only if you are authorized to automate access to Yandex.Archive and are comfortable with possible terms-of-service, legal, IP/account blocking, and rate-limit consequences. Prefer an official or permissioned access method where available, and run the scraping dependencies in an isolated environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence: 92%
Finding
The README explicitly advertises bypassing Yandex bot protection and Cloudflare Turnstile, but does not warn users about legal, policy, access-control, or account-related consequences. This is dangerous because it normalizes evasive scraping behavior and may lead operators to violate site terms, trigger blocks, or misuse the skill in environments where such bypassing is prohibited.

Missing User Warnings

Medium
Confidence: 95%
Finding
The description explicitly advertises bypassing bot protection and Cloudflare Turnstile but provides no warning about legal, policy, account, or operational risks of automating access to a third-party site. In context, that makes the skill more dangerous because it is purpose-built to evade access controls rather than simply consume a documented API.

VirusTotal

66/66 vendors flagged this skill as clean.
