ClawHub

Ai Web Automation 1.0.0

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a simple user-directed web scraping helper, though its documentation overstates broader automation features that are not implemented.

Install only if you need a basic scraping helper, and treat the broader automation claims as unimplemented unless more reviewed files are added. Use it only on websites you are authorized to access, avoid private/internal targets unless intentional, and add your own rate limits and data-handling controls for any scraping workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill advertises web scraping, scheduled execution, automated submissions, proxy support, and notification integration without documenting consent requirements, rate limiting, data-handling constraints, or abuse boundaries. In an automation context, these capabilities can enable privacy violations, unauthorized data collection, spammy submissions, or persistent activity against third-party systems if users are not clearly warned and constrained.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal