ClawHub

Content Fetch Skill

Security checks across malware telemetry and agentic risk

Overview

This is a real webpage scraping tool, but it deserves review because it can use logged-in browser sessions and includes anti-detection and security-bypass browser settings.

Install only if you intentionally want a Playwright scraper that may operate under your logged-in accounts. Use dedicated or low-privilege accounts, provide cookies only for sites you are authorized to archive, avoid command-line passwords, review proxy use against site terms, and delete cookie/session/output files when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (17)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The code deliberately modifies browser fingerprints by hiding navigator.webdriver and spoofing plugins/languages, which is anti-detection behavior rather than ordinary page fetching. In a general content-scraping skill, this expands the tool from passive retrieval into stealthy access, increasing abuse potential and making platform policy evasion easier.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The scraper will load any caller-supplied cookie file directly into the browser context, enabling authenticated scraping of private or account-scoped content. In this skill, that capability is broader than simple public webpage fetching and creates risk of session misuse, unauthorized access, and exfiltration of data visible only to a logged-in user.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The scraper injects explicit anti-detection fingerprint spoofing by altering navigator.webdriver, plugins, languages, and window.chrome to appear less automated. In a content-fetching skill, this materially increases misuse risk by helping bypass site anti-bot controls and access restrictions, which goes beyond ordinary browser automation needs.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The browser is launched with multiple flags that weaken normal browser security and detection boundaries, including --disable-web-security, --allow-running-insecure-content, --ignore-certificate-errors, and --no-sandbox. For a content-fetching skill, these settings are unnecessary and increase exposure to malicious pages, cross-origin abuse, unsafe content loading, and broader compromise of the browsing context.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The script deliberately alters navigator.webdriver, plugins, languages, and chrome.runtime to disguise automation and evade site bot detection. This behavior exceeds ordinary page retrieval and, when combined with imported authenticated sessions, increases the risk of stealthy collection under a real user's identity and operation against sites that would otherwise block automation.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The code injects explicit anti-detection logic by overriding browser fingerprint signals such as navigator.webdriver, navigator.plugins, navigator.languages, and window.chrome. In a content-fetching skill, this goes beyond ordinary rendering compatibility and is designed to evade bot detection, which materially increases abuse potential for stealth scraping, access control circumvention, and automated collection from protected services.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The scraper accepts an arbitrary cookie file and injects it into the browser context, enabling reuse of an authenticated session for any supplied target URL. This can facilitate impersonation, unauthorized access to account-scoped content, and handling of sensitive credentials without validation, scoping, or consent controls.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger list includes broad everyday phrases like '获取网页内容', '保存网页', and '采集内容', which can cause accidental invocation outside clearly intended scraping tasks. Mis-triggering is more dangerous here because the skill performs live network fetching and can persist page data, screenshots, images, and possibly authenticated content from cookies.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill stores configuration, scraping outputs, screenshots, images, and uses user-supplied cookie files, yet the documentation lacks an explicit privacy and data-handling warning. In this context, the omission is significant because the tool can collect authenticated or personal content and persist it locally, increasing the risk of credential misuse, sensitive data retention, or unintended disclosure.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The document includes example commands with account username, password, email, and proxy-control operations, but provides no warning about secret handling, shell history exposure, account lockout risk, or misuse of third-party accounts. In a content-fetching skill, this is more dangerous because users are likely to copy-paste commands directly, potentially exposing credentials or operating on personal accounts unsafely.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The code silently loads a user-supplied cookie file into the browser context, which may include live authentication tokens or session cookies. Without prominent disclosure, validation, or scope restriction, this can cause the skill to act under another user's authenticated identity and access private or paid content unintentionally.

Natural-Language Policy Violations

Medium
Confidence
85% confidence
Finding
Hard-coding browser languages inside the anti-detection script is part of a broader fingerprint spoofing mechanism intended to evade automation detection. In context, the locale override is not just a UX preference; it contributes to deceptive browser impersonation that can help bypass site defenses.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script ingests cookies and session state from local files and injects them into a browser context without clear user-facing safeguards, validation, or warnings about the sensitivity of these credentials. Because these cookies may grant account access, misuse, accidental disclosure, or handling of the wrong file can expose authenticated data or enable actions under the user's account.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script saves full-page screenshots and later writes scraped authenticated content to local disk by default, but does not clearly warn that these artifacts may contain sensitive account data, private content, or session-context information. On shared systems or poorly protected directories, this can lead to unintended disclosure of collected data.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
Authentication cookies are read from disk and loaded into the browser without any explicit user warning, provenance checks, or safe secret-handling flow. In this skill context, that is dangerous because the tool is designed for broad multi-site scraping, so session material may be reused to access private or restricted content while exposing sensitive credentials to mishandling.

Missing User Warnings

Low
Confidence
80% confidence
Finding
The skill persists screenshots, downloaded images, and structured page content to local storage, but the code does not provide any explicit disclosure, retention control, or data minimization safeguards. For a scraping tool that may process account-scoped or copyrighted content, silent persistence increases privacy, compliance, and accidental data exposure risk.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
This code loads arbitrary cookie material from a local file into the browser context and then uses it to perform authenticated scraping, with only minimal logging and no explicit consent or validation of scope. In this skill context, that is security-relevant because cookies are credential material: misuse can lead to unauthorized access to private account data, accidental session reuse, and scraping under another user's identity.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal