ClawHub

Deep Scraper + Amazon

Security checks across malware telemetry and agentic risk

Overview

This is a real web-scraping skill, but it gives an agent broad authority to scrape arbitrary sites with limited guardrails or warnings.

Install only if you intentionally want an agent-operated scraper. Use it only for sites you are authorized to scrape, verify every generated URL before running, avoid internal or sensitive URLs, keep the Docker container non-privileged with no host mounts, and assume scraped output may be captured in logs or downstream agent context.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger list is extremely broad and includes common words for search, retrieval, analysis, products, social media, and generic data access. This can cause the skill to be selected for many unrelated requests, leading to unexpected scraping of external sites and overbroad network activity beyond what the user clearly intended.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The generic mode is defined as the fallback for any non-Amazon, non-YouTube URL or essentially any request mentioning general web/social scraping. That ambiguity makes the skill a catch-all for nearly any web-related prompt, increasing the chance of unintentional collection from arbitrary sites.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The description advertises containerized scraping and anti-detection capabilities but does not warn users that the skill accesses external websites and social media content. Missing disclosure reduces informed consent and increases the risk of users unknowingly initiating scraping that may implicate site terms, privacy expectations, or compliance requirements.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill explicitly claims anti-detection behavior such as '穿透反爬', clearing cookies, browser simulation, and retry logic, but does not present these as risky behaviors requiring user warning or restriction. In context, this makes the skill more dangerous because it normalizes evasion-oriented scraping techniques that can be used to bypass site defenses and conceal automation.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The generic path accepts an arbitrary URL from process arguments and drives a full browser to that destination, then extracts page content without any allowlist, scheme restriction, or destination validation. In a containerized agent context, this can be abused as an SSRF/open-fetch primitive to access internal services, cloud metadata endpoints, or other unintended network targets, and the scraping-oriented skill context makes that risk more plausible rather than less.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal