Scrapingbee

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed ScrapingBee integration that uses Membrane for authenticated API access, with broad proxy features users should approve carefully.

Install only if you trust Membrane and intend to connect a ScrapingBee account. Prefer listed Membrane actions over raw proxy requests, and require explicit approval before account-changing methods such as POST, PUT, PATCH, or DELETE or before sending nonpublic data in headers, query parameters, or request bodies.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Description-Behavior Mismatch

Medium

Confidence: 90% confidence
Finding: The manifest claims the skill manages Projects and Users, but the body documents ScrapingBee scraping/account features instead. This capability mismatch can mislead users and upstream agents about what the skill can access or do, increasing the chance of unintended invocation, overbroad trust, or unsafe permission assumptions.

Description-Behavior Mismatch

Medium

Confidence: 95% confidence
Finding: The proxy section permits arbitrary authenticated requests to any ScrapingBee endpoint, which is broader than the description of merely interacting with ScrapingBee data. That creates an overbroad capability surface: an agent could invoke destructive, sensitive, or undocumented API operations through the proxy while the skill appears narrower and safer than it is.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal