Back to skill

Security audit

Ai Research Scraper

Security checks across malware telemetry and agentic risk

Overview

This is a rough but purpose-aligned AI news scraper; it uses expected external search/translation services, with disclosure and maintenance gaps but no evidence of malicious behavior.

Install only if you are comfortable with the skill invoking a local tavily-search skill and sending AI-news search queries to external services. Do not run the translation helper or test scripts on private content unless you have reviewed the provider, credentials, and data-handling implications.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Output HandlingUnvalidated Output Injection, Cross-Context Output, Unbounded Output
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (12)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill documentation exposes executable network and shell-based usage but does not declare permissions or clearly bound those capabilities. In agent environments, undeclared outbound access and command execution reduce transparency and can lead to unexpected data transfer or unsafe execution paths.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
A mismatch between the stated purpose and the broader observed behavior is a strong security concern because users may authorize a simple scraper while the skill also sends content to multiple third parties, invokes other skills, and includes unrelated translation/testing logic. This expands the trust boundary and creates risk of undisclosed data exfiltration, supply-chain behavior through sub-skills, and hidden functionality.

Description-Behavior Mismatch

Medium
Confidence
84% confidence
Finding
The skill claims to fetch from a specific list of well-known sites, but the implementation ignores that list and delegates to a separate search skill. This mismatch is a supply-chain and transparency problem: users and reviewers may believe the data source is constrained when it is actually determined by another component with different behavior.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
A simple news-scraping skill invokes an external Node.js script from another skill, expanding the execution and trust boundary beyond what the stated purpose suggests. This increases the risk of hidden behavior, dependency abuse, or execution of modified code from a separate component that may not be reviewed with the same scrutiny.

Missing User Warnings

Low
Confidence
76% confidence
Finding
The documentation describes scraping external websites but does not warn users that prompts, URLs, or retrieved content may be transmitted over the network. While expected for a scraper, missing disclosure can still mislead users about privacy and operational behavior in an agent setting.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation instructs sending text to external translation and search services but does not mention any privacy notice, consent flow, or data handling limitations. If user-provided or scraped content contains sensitive information, operators may unknowingly transmit it to third parties, creating privacy, compliance, and data-governance risk.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The code sends user-provided text plus authenticated API request metadata to a third-party service without any explicit warning, consent flow, or clear documentation that content leaves the local environment. This creates a real privacy and data-handling risk, especially if scraped research notes, proprietary prompts, or sensitive user input are translated automatically.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The function sends arbitrary input text to Baidu's external translation API with no user-facing notice, consent flow, or data classification checks. If the skill passes prompts, notes, or other sensitive research content into this function, that data leaves the local environment and may be logged or retained by a third party.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The function sends caller-provided text to translate.googleapis.com over the network without any disclosure, consent flow, or data-sensitivity checks. If the skill is given private prompts, proprietary research notes, or user content, this creates silent third-party data exposure outside the local trust boundary.

Natural-Language Policy Violations

Medium
Confidence
90% confidence
Finding
Defaulting all translations to zh-CN without user opt-in can silently alter output language and route content through a locale-specific transformation path the user did not request. In this skill context, that is more concerning because the stated purpose is AI research scraping and summarization, not forced localization, so the behavior is unexpected and may facilitate unnoticed content manipulation or inappropriate data sharing.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script transmits user-provided text and authentication material to an external translation service without any notice, consent, or data-classification guardrails. In a skill that is described as AI research scraping rather than translation, this undisclosed outbound data flow increases the risk of leaking sensitive prompts, collected content, or secrets to a third party.

Unvalidated Output Injection

High
Category
Output Handling
Content
# 使用tavily-search技能获取结果
    try:
        result = subprocess.run([
            'node', '/root/.openclaw/workspace/skills/tavily-search/scripts/search.mjs',
            'AI product development',
            '-n', '10',
Confidence
80% confidence
Finding
subprocess.run([ 'node', '/root/.openclaw/workspace/skills/tavily-search/scripts/search.mjs', 'AI product development', '-n', '10', '--topic', 'news'

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.