Zenrows

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real ZenRows/Membrane scraping integration, but it needs review because powerful scraping and proxy features are under-described and lack clear user guardrails.

Install only if you intend to use ZenRows through Membrane for authorized web scraping. Before use, confirm you have permission to scrape the target, avoid sensitive or personal data unless you have a lawful basis, and require explicit user confirmation for anti-bot bypass, header spoofing, geolocation, screenshots, high-volume scraping, raw proxy requests, or mutating API methods.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium (93% confidence)
Finding
The manifest description materially understates the skill's capabilities by presenting it as generic data/workflow interaction while the body exposes arbitrary web scraping, anti-bot bypass, proxies, screenshots, and raw request proxying. This mismatch can cause the skill to be selected in contexts where users and orchestrators would not expect scraping or circumvention behavior, increasing the chance of policy, privacy, or abuse issues.

Vague Triggers

Medium (90% confidence)
Finding
The invocation description is overly broad, using generic terms like 'data,' 'records,' and 'automate workflows' that are not specific to ZenRows scraping. In agent-routing contexts, this can cause accidental invocation for unrelated tasks, giving the agent access to networked scraping and proxy features when they were not intended.

Missing User Warnings

Medium (95% confidence)
Finding
The skill advertises anti-bot bypass, proxies, geolocation, screenshots, and direct API proxying without any warning about legal, privacy, consent, or website-policy constraints. In this context, those features materially elevate misuse risk because they facilitate collection from third-party sites and potential circumvention of access controls.

VirusTotal

65/65 vendors flagged this skill as clean.
