ClawHub

Smart Web Fetch

Security checks across malware telemetry and agentic risk

Overview

This skill has a clear web-fetching purpose, but it broadly routes arbitrary URLs through third-party services and disables normal HTTPS checks, so users should review it before installing.

Install only if you intend to use it for public web pages and are comfortable sending requested URLs and fetched content through Jina Reader, markdown.new, and defuddle.md. Avoid private dashboards, intranet or localhost URLs, cloud metadata endpoints, signed links, and URLs containing tokens until the skill adds URL restrictions, explicit consent controls, and normal HTTPS verification.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill clearly instructs the agent to fetch remote URLs and route content through external services, which implies network access, yet the skill does not declare that capability or any associated permission boundary. This creates a transparency and governance gap: operators may enable the skill without understanding that it can send user-requested URLs and page contents off-box to third-party services.

Intent-Code Divergence

Medium
Confidence
99% confidence
Finding
The code globally disables TLS certificate validation and hostname verification for all outbound HTTPS requests. This allows man-in-the-middle interception or modification of fetched content, which is especially dangerous for a tool positioned as a trusted web-fetch replacement because downstream agents may consume poisoned content as if it were authentic.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The script explicitly disables TLS certificate and hostname verification for outbound probes to external services. This allows a man-in-the-middle attacker or malicious network intermediary to spoof the cleanup services, causing the agent to trust tampered responses or availability checks; this is not necessary for ordinary web-fetch preprocessing and weakens transport security.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The documentation promotes sending target webpages to Jina Reader, markdown.new, and defuddle.md for cleaning, but it does not warn users that requested URLs and potentially sensitive page contents are transmitted to third-party services. In this context, that omission is dangerous because users may use the skill on private, authenticated, internal, or sensitive links, unintentionally exfiltrating data to external processors.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill automatically forwards user-supplied URLs to third-party services (r.jina.ai, markdown.new, defuddle.md) before attempting a direct fetch, without explicit notice or consent. This can leak sensitive URLs, query parameters, internal endpoints, or access patterns to external providers, and in some environments may also facilitate indirect access attempts against private resources.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill sends the user-supplied target URL to third-party services (r.jina.ai, markdown.new, defuddle.md) as part of its normal operation, with no consent prompt, warning, or allowlist. This can leak sensitive URLs, tokens embedded in query strings, internal hostnames, or private resources to external providers, and the skill context makes this more dangerous because it is intended to automatically replace normal web fetching across many agent tasks.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal