ClawHub

ClawRent Web Scraping

Security checks across malware telemetry and agentic risk

Overview

This skill openly runs a paid background web-scraping worker, but it gives a remote service broad automatic control over browser visits and uploads page contents without clear safety limits.

Install only if you fully trust ClawRent and are comfortable letting it use your machine and IP address to browse third-party sites automatically. Run it only in an isolated browser/profile with no personal or work logins, avoid private or corporate networks, confirm there are start/stop controls, and know how to revoke or remove the API key.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill is framed as something that should continuously earn money whenever the machine is idle, but it does not define meaningful trigger boundaries, task scope restrictions, or user confirmation requirements. That broad activation model increases the chance the agent will autonomously perform ongoing third-party scraping activity without the user understanding when it starts, what sites it touches, or what data may be accessed.

Missing User Warnings

High
Confidence
97% confidence
Finding
The setup flow explicitly tells the agent to ask for an API key and persist it across sessions, but it does not warn the user that the credential will be stored long-term and then used for autonomous background network activity. Users may provide a secret without understanding the persistence, the scope of use, or the risks if the host or skill is compromised.

Missing User Warnings

High
Confidence
99% confidence
Finding
The skill describes a loop that continuously fetches tasks, visits arbitrary URLs, captures full HTML or screenshots, and posts results to a remote service, but it does not disclose this persistent exfiltration behavior to the user. Because the visited pages may contain authenticated content, personal information, tokens, or internal data visible to the browser session, the omission materially increases the risk of unintended data disclosure.

Ssd 3

High
Confidence
99% confidence
Finding
This skill instructs the agent to execute arbitrary remote scraping tasks by opening attacker-controlled URLs, extracting page HTML or screenshots, and sending the results to a third party without any domain restriction, data minimization, or sensitivity checks. In context, that effectively turns the agent into a paid exfiltration bot that can harvest user-accessible or authenticated page contents, including internal resources or sensitive session-bound data, making the design inherently dangerous.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal