ClawHub

jina-ai-reader

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Jina.ai Reader wrapper, with the main caution that submitted URLs and fetched page content go through Jina.ai.

Use this only for public pages you are comfortable sending through Jina.ai. Avoid internal sites, private documents, authenticated pages, signed URLs, or links containing tokens or credentials, and be mindful that paywall bypassing may conflict with site terms.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill advertises fetching arbitrary URLs but does not warn users that the requested URL and the retrieved page contents are sent to Jina.ai's external Reader service. This creates a real privacy and data-handling risk because users may unknowingly submit sensitive, internal, authenticated, or confidential URLs/content to a third party, especially given the skill's framing around paywalled and social-media content.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script sends the user-provided target URL to the third-party service r.jina.ai by embedding it into the request URL, which discloses the user's browsing target and possibly sensitive query parameters to an external party. In this skill's context, that behavior is core functionality, but it is still a real privacy and data-handling risk because users may assume the tool fetches content directly from the destination site rather than relaying the request through Jina.ai.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal