Website Email Scraper (Apify)

Security checks across malware telemetry and agentic risk

Overview

This skill openly declares itself as an Apify-based website contact scraper, but users should still treat the email, phone, and social-profile data it collects as privacy-sensitive.

Install only if you intend to send submitted website domains or URLs to Apify for contact extraction. Use budget limits, avoid collecting personal data unless necessary, set includePersonalData=false when business inboxes are enough, and make sure your use complies with website terms, outreach rules, privacy laws, and your organization’s retention requirements.
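As an added example that is not part of the skill or of Apify's own code, the guidance above written as a pre-flight and post-processing guard: the run is refused unless the operator has explicitly confirmed the external transfer, the token is present, every target is on an allowlist, and personal-data collection is paired with a recorded purpose; includePersonalData defaults to false; and, while it is false, person-like addresses and personal LinkedIn profile URLs are dropped from the results before anything is exported. Only the includePersonalData flag and the APIFY_TOKEN variable come from the page; the other actor input field names (startUrls, maxResults), the role-mailbox list, the person-like heuristic and the SAMPLE_RESULTS records are assumptions constructed for illustration.

```python
"""Pre-flight and data-minimisation guard around an Apify contact-scraper run.

Added example (not the skill's or Apify's code). From the page: the
``includePersonalData`` actor flag and the APIFY_TOKEN variable. Assumed
for illustration: the other input field names, the role-mailbox list, the
person-like heuristic and the SAMPLE_RESULTS records.
"""
import os
import re
from urllib.parse import urlparse

# Mailbox names that address a business function rather than a named person.
ROLE_LOCAL_PARTS = {
    "info", "contact", "sales", "support", "hello", "office", "admin",
    "press", "careers", "jobs", "billing", "team", "enquiries", "inquiries",
}
# first.last, first_last or first-last, optionally followed by a few digits.
PERSON_LIKE = re.compile(r"^[a-z]+[._-][a-z]+\d{0,4}$")


def classify_email(addr: str) -> str:
    """Return 'business', 'personal', 'unknown' or 'invalid' for one address."""
    local, _, domain = addr.strip().lower().partition("@")
    if not local or "." not in domain:
        return "invalid"
    base = local.split("+", 1)[0]          # ignore sub-addressing tags
    if base in ROLE_LOCAL_PARTS:
        return "business"
    if PERSON_LIKE.match(base):
        return "personal"
    return "unknown"                        # e.g. jdoe@, acme@: cannot tell


def is_personal_linkedin(url: str) -> bool:
    """linkedin.com/in/<slug> is a person; /company/<slug> is an organisation."""
    parts = urlparse(url)
    host = (parts.hostname or "").lower()
    on_linkedin = host == "linkedin.com" or host.endswith(".linkedin.com")
    return on_linkedin and parts.path.lower().startswith("/in/")


def build_actor_input(start_urls, *, include_personal_data=False, max_results=50):
    """Actor input with privacy-safe defaults (field names other than
    includePersonalData are assumptions)."""
    return {
        "startUrls": [{"url": u} for u in start_urls],
        "includePersonalData": bool(include_personal_data),
        "maxResults": int(max_results),     # budget cap on returned records
    }


def preflight(actor_input, *, allowed_domains, confirmed, purpose="", token=None):
    """Reasons the run must NOT be sent to Apify; an empty list means go."""
    problems = []
    if token is None:
        token = os.environ.get("APIFY_TOKEN")
    if not token:
        problems.append("APIFY_TOKEN is not set")
    if not confirmed:
        problems.append("operator has not confirmed the external transfer")
    for entry in actor_input["startUrls"]:
        host = (urlparse(entry["url"]).hostname or "").lower()
        if not any(host == d or host.endswith("." + d) for d in allowed_domains):
            problems.append(f"{entry['url']} is outside the approved target list")
    if actor_input["includePersonalData"] and not purpose.strip():
        problems.append("includePersonalData=true needs a recorded purpose")
    return problems


def minimise(records, *, include_personal_data=False):
    """Drop person-like emails and personal LinkedIn URLs unless opted in."""
    cleaned = []
    for rec in records:
        emails = sorted({
            e for e in rec.get("emails", [])
            if include_personal_data or classify_email(e) == "business"
        })
        profiles = [
            u for u in rec.get("linkedin", [])
            if include_personal_data or not is_personal_linkedin(u)
        ]
        # Phone numbers cannot be classified from the string alone; they pass
        # through, so keep maxResults low and retention short.
        cleaned.append({"url": rec["url"], "emails": emails,
                        "phones": list(rec.get("phones", [])),
                        "linkedin": profiles})
    return cleaned


# Constructed sample of what a scraper run might return for one page.
SAMPLE_RESULTS = [{
    "url": "https://example.com/contact",
    "emails": ["info@example.com", "Jane.Doe@example.com",
               "jdoe@example.com", "info@example.com"],
    "phones": ["+1 555 0100"],
    "linkedin": ["https://www.linkedin.com/company/example",
                 "https://www.linkedin.com/in/jane-doe"],
}]

if __name__ == "__main__":
    actor_input = build_actor_input(["https://example.com/contact"])
    print(preflight(actor_input, allowed_domains=["example.com"], confirmed=False))
    print(minimise(SAMPLE_RESULTS))
```

The classifier is deliberately conservative: an address that is neither a known role mailbox nor clearly person-like is "unknown" and is dropped with the personal ones, so a false negative costs one inbox rather than an unexpected export of personal data. Keep the allowlist of target domains and the confirmation step outside the agent's control, otherwise the gate only moves the automatic transfer one function call further down.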

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The skill is designed to scrape and export public business emails, phone numbers, social profiles, and optionally personal data, but the description omits any privacy, consent, or legal-compliance warning. In this context, that omission is risky because it can normalize bulk collection and downstream export of personal contact data without prompting users to consider jurisdictional rules, acceptable-use constraints, or data-minimization safeguards.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The skill description and short description are broad enough to encourage invocation for any request involving websites or contact extraction, without clear limits on when the tool should be used. In an agent setting, this can cause unnecessary third-party data transfer and collection of scraped personal or business contact data when a narrower, less invasive method would suffice.

Natural-Language Policy Violations

Severity: Low
Confidence: 94%
Finding
The default prompt hardcodes use of the Apify actor with APIFY_TOKEN, so the agent sends submitted domains and URLs to the external service automatically rather than only after an explicit decision to do so. This removes meaningful user choice and increases the risk of unauthorized third-party processing, accidental token use, and execution in contexts where external scraping is unnecessary or not permitted.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The contract explicitly supports collecting person-like emails and personal LinkedIn URLs from public websites via `includePersonalData`, but it provides no privacy warning, purpose limitation, or consent/compliance guidance. Even when the data is publicly accessible, enabling personal-data extraction without safeguards increases the risk of privacy violations, non-compliant use, and downstream misuse such as targeted scraping or unsolicited outreach.

VirusTotal

65/65 vendors flagged this skill as clean.
