Smart Scraper

Security checks across malware telemetry and agentic risk

Overview

This scraper largely does what it says, but its redirect handling can bypass its public-host protections and the audit overstates the security fixes, so it needs review before use.

Install only if you are comfortable running a network scraper in your agent environment. Avoid sensitive, authenticated, internal, or attacker-controlled URLs until redirect targets are revalidated and cache behavior is clarified; clear the cache after use if page contents or URLs may be sensitive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

High
Confidence: 98%
Finding
The audit document is internally contradictory: it claims all critical/high/medium issues are fixed, then later documents those same issues as still present with code locations and top-priority remediation. In a security-sensitive workflow, this can cause operators or automated systems to wrongly trust a vulnerable skill and skip necessary fixes or review.

Intent-Code Divergence

Medium
Confidence: 97%
Finding
The summary table reports zero critical/high/medium findings and says all were fixed, but the later summary still reports 2 critical, 3 high, and 3 medium issues. This inconsistency undermines the integrity of the audit artifact and may lead users to deploy or approve insecure code based on false assurance.

Intent-Code Divergence

Medium
Confidence: 98%
Finding
The initial URL is validated, but redirected destinations are fetched via `fetchPage(res.headers.location, ...)` without re-validating the new target. An attacker-controlled public URL can therefore redirect the scraper to internal services, localhost variants, or cloud metadata endpoints, bypassing the SSRF protections and causing the agent to access sensitive network resources.

Missing User Warnings

Medium
Confidence: 96%
Finding
The documentation does not clearly warn users that invoking the skill will send user-provided URLs over the network and store fetched page contents locally in a cache. This can lead to accidental disclosure of sensitive URLs, retrieval of confidential internal targets if protections fail, or persistence of sensitive page data on disk without informed consent. Because this skill's core purpose is remote fetching plus caching, the missing warning is especially relevant rather than incidental.

VirusTotal

64/64 vendors flagged this skill as clean.
