tra-extract-text

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward web-page text extraction skill whose network access and optional file output are expected for its purpose.

Install trafilatura from a trusted Python package source, ideally in a virtual environment. Use this skill only for URLs you intentionally want to fetch, avoid localhost, private-network, or sensitive pages unless that is deliberate and authorized, and review output paths before saving extracted content.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 90% confidence
Finding: The skill instructs users to fetch arbitrary remote URLs and save extracted content locally, but it does not warn that this causes outbound network access and may persist untrusted data to disk. That omission can lead to unintended access to internal or sensitive endpoints, surprise data handling, or unsafe use in restricted environments, even though the skill itself does not appear to add hidden malicious behavior.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal