ClawHub
Back to skill

Security audit

Web Scraper Summarizer

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it fetches a user-provided web page and summarizes it with Ollama, with no hidden persistence or destructive behavior found.

Install only if you are comfortable with the agent fetching URLs you provide and sending the page text to your Ollama setup. Use it for public web pages, avoid internal or confidential URLs, and treat summaries as untrusted when the source page may contain adversarial instructions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
prompt = build_prompt(content, style, 5)
    
    try:
        result = subprocess.run(
            ['ollama', 'run', 'llama3.2', prompt],
            capture_output=True,
            text=True,
Confidence
88% confidence
Finding
result = subprocess.run( ['ollama', 'run', 'llama3.2', prompt], capture_output=True, text=True, timeout=120, encoding='utf-8',

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases are broad enough to match many generic requests such as analyzing content or extracting key points, which can cause the skill to activate outside a narrowly intended scope. Over-broad activation increases the risk that network-fetching and summarization behavior will be invoked on sensitive or unintended targets without clear user intent.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill does not clearly warn that using it causes outbound network requests to arbitrary URLs and sends retrieved content into local summarization tooling. This can expose sensitive URLs, internal endpoints, or confidential page contents to logging, local model processing, or other components without informed user consent.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
Fetched page content is forwarded to a local/external LLM process without any user-facing disclosure or consent flow. If users provide internal, authenticated, or sensitive URLs, this can unintentionally expose proprietary page content to another component and broaden data access beyond the original fetch operation.

Ssd 1

Medium
Confidence
97% confidence
Finding
Untrusted web page text is embedded directly into the prompt as if it were inert content, enabling prompt injection. A malicious page can include instructions that cause the model to ignore the summarization task, produce deceptive output, or manipulate downstream users who trust the summary.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.