Security audit

Web Scraper Jina

Security checks across malware telemetry and agentic risk

Overview

This markdown-only skill has no local executable code, but it broadly instructs users to bypass website protections and send arbitrary URLs through a third-party scraping service.

Review before installing. Use only for public content you are authorized to access and scrape, and do not send internal URLs, signed links, session-bearing URLs, credentials, proprietary pages, or protected content through r.jina.ai.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill instructs users to route arbitrary target URLs through a third-party proxy service but does not disclose that requested URLs, headers, and retrieved content are exposed to that external provider. This creates a clear data-handling and confidentiality risk, especially if users apply the skill to internal, sensitive, or authenticated targets under the assumption that scraping happens directly.

Missing User Warnings

Medium

Confidence: 98% confidence
Finding: The skill's core description openly promotes bypassing Cloudflare, Turnstile, and similar protections, which encourages circumvention of access controls and anti-abuse systems. In context, this increases the likelihood of unauthorized scraping, policy violations, and use against protected services, making the skill materially more dangerous than a neutral web-fetching utility.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.