Content Catcher

Security checks across malware telemetry and agentic risk

Overview

This content-capture skill mostly matches its stated purpose, but it includes under-disclosed browser automation, media-key handling, cookie/header rewriting, and data-forwarding capabilities that deserve careful review before use.

Install only if you are comfortable with a powerful scraping and media-download tool. If you do:
  • Use it in an isolated workspace.
  • Avoid authenticated or sensitive pages unless necessary.
  • Do not provide cookies or session-bound URLs casually.
  • Review any configured send-to-local destination.
  • Clear the .clips history or browser localStorage if captured URLs or download metadata are sensitive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (19)

Context-Inappropriate Capability

Severity: Medium
Confidence: 88%
Finding
The script deliberately alters browser-detection signals by disabling Playwright's automation fingerprint and overriding navigator.webdriver to false. In a content-clipping tool, this crosses from normal scraping into anti-bot evasion, which can facilitate access against site controls and make the tool easier to misuse for stealthy large-scale collection from protected targets.

Description-Behavior Mismatch

Severity: High
Confidence: 94%
Finding
The script accepts page-originated postMessage data and forwards supplied keys to extension and local handlers without validating origin, purpose, or sensitivity. In context, these keys may include decryption or stream-related material, making this a covert collection channel for sensitive page data and increasing the risk of unauthorized extraction or misuse.

Context-Inappropriate Capability

Severity: High
Confidence: 98%
Finding
The catCatchToBackground handler deletes the action field and forwards the remaining event.data directly to chrome.runtime.sendMessage, effectively creating a generic bridge from any page script to the privileged background context. Because the content script listens to window messages without origin or schema validation, a malicious page can abuse extension privileges by sending crafted commands through this pass-through channel.

Context-Inappropriate Capability

Severity: High
Confidence: 95%
Finding
This handler collects page-supplied keys from postMessage events and forwards them to local and popup handlers, with deduplication as the only control. That turns the extension into a sink for arbitrary sensitive material supplied by the page, which is especially dangerous in a content-grabbing tool because it can facilitate unauthorized media/key extraction workflows.
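The three findings above describe the same mechanism: a content script that listens for window messages, strips the `action` field, and relays the rest to the background page (or to local/popup handlers) with no origin or schema check. The following is an added example, not code from the extension under review. It places that pass-through pattern beside a hardened form that accepts only same-window, same-origin messages and rebuilds the forwarded payload from an explicit allowlist of message types and string fields. The names `catCatchToBackground`, `FORWARDABLE`, `sendToBackground` and the `ctx` object, and the message shapes, are assumptions made for illustration.

```javascript
// Added example (not the extension's own code): the pass-through window-message
// bridge described in the findings, beside a hardened form. The names
// catCatchToBackground, FORWARDABLE, sendToBackground and the `ctx` object are
// assumptions for illustration; the message shapes are constructed.

// Which page-originated message types the content script will relay, and which
// string fields of each are copied through. Everything else (cookies, keys,
// arbitrary command fields) is dropped.
const FORWARDABLE = {
  mediaFound: ['url', 'mime'],
  pageTitle: [],
};
const MAX_FIELD_LEN = 2048;

// Vulnerable form: strips `action` and forwards whatever remains. Any script in
// any frame that can post to this window becomes a client of the privileged
// background page. Returns the forwarded payload, or null if not forwarded.
function vulnerableBridge(event, sendToBackground) {
  const data = event.data;
  if (!data || data.action !== 'catCatchToBackground') return null;
  const payload = Object.assign({}, data);
  delete payload.action;
  sendToBackground(payload);
  return payload;
}

// Hardened form. `ctx` stands in for the content script's own frame; in a real
// content script it would be { window, origin: location.origin }.
function hardenedBridge(event, ctx, sendToBackground) {
  // 1. Accept only messages posted by this frame's own window from its own
  //    origin; cross-frame and cross-origin posts are ignored.
  if (event.source !== ctx.window || event.origin !== ctx.origin) return null;
  const data = event.data;
  if (typeof data !== 'object' || data === null) return null;
  if (data.action !== 'catCatchToBackground') return null;

  // 2. Accept only allowlisted message types and rebuild the payload from
  //    allowlisted string fields, so no extra properties leak through.
  if (!Object.prototype.hasOwnProperty.call(FORWARDABLE, data.type)) return null;
  const payload = { type: data.type };
  for (const field of FORWARDABLE[data.type]) {
    const value = data[field];
    if (typeof value !== 'string' || value.length > MAX_FIELD_LEN) return null;
    payload[field] = value;
  }
  sendToBackground(payload);
  return payload;
}

// Wiring in a content script would look like:
//   window.addEventListener('message', (e) =>
//     hardenedBridge(e, { window, origin: location.origin }, chrome.runtime.sendMessage));
```

The origin and source checks only narrow the sender to the frame the content script itself was injected into; they do not help when that page is hostile. The allowlist is what actually limits what a page can make the background context do, which is why the payload is rebuilt field by field rather than copied and filtered.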

Context-Inappropriate Capability

Severity: Medium
Confidence: 94%
Finding
The send2local function is a generic data-forwarding primitive that can transmit arbitrary captured data, including metadata and templated fields, to a configurable endpoint using GET or multiple POST body formats. In a content-capture extension, this materially expands capability from local extraction/download into exfiltration or silent relay of collected browsing data, especially because this file shows no user-consent gate, destination allowlist, or data minimization enforcement.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding
The setHeaders function can install declarativeNetRequest rules to rewrite request headers for tab traffic and explicitly inject Cookie values. This grants the extension power to impersonate authenticated browser requests or alter request context for arbitrary URLs, which can be abused to bypass server-side assumptions, replay sessions, or access protected media using a user's credentials.

Context-Inappropriate Capability

Severity: Medium
Confidence: 90%
Finding
The setRequestHeaders function can globally modify headers for xmlhttprequest, media, and image requests via session rules, and in some fallback paths the rules are not limited to a specific tab. This privileged capability can change Origin/Referer-style context and other headers across requests, enabling unauthorized resource fetching or weakening browser/network trust boundaries beyond the stated content-capture purpose.
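For the two header-rewriting findings above, the properties a reviewer wants to see on each declarativeNetRequest rule are: is a credential header (Cookie, Authorization) injected, is a context header (Origin, Referer) rewritten, and is the rule confined to one tab, one URL pattern and a narrow set of resource types. The following added example, which is not the extension's own code, audits a rule set for exactly those properties. The rule objects follow the `chrome.declarativeNetRequest.Rule` shape (`action.requestHeaders`, `condition.urlFilter`, `condition.tabIds`, `condition.resourceTypes`); `SAMPLE_RULES`, the helper names and the issue vocabulary are constructed for illustration.

```javascript
// Added example (not the extension's own code): an audit of
// declarativeNetRequest modifyHeaders rules of the kind the setHeaders and
// setRequestHeaders findings describe. The rule objects follow the
// chrome.declarativeNetRequest.Rule schema; SAMPLE_RULES and the helper names
// are constructed for illustration.

const CREDENTIAL_HEADERS = new Set(['cookie', 'authorization', 'proxy-authorization']);
const CONTEXT_HEADERS = new Set(['origin', 'referer']);

// Returns a list of { ruleId, kind, detail } objects; an empty list means the
// rule is tightly scoped and injects nothing sensitive.
function auditDnrRule(rule) {
  const issues = [];
  const add = (kind, detail) => issues.push({ ruleId: rule.id, kind, detail });
  const action = rule.action || {};
  const cond = rule.condition || {};
  if (action.type !== 'modifyHeaders') return issues;

  for (const h of action.requestHeaders || []) {
    const name = String(h.header).toLowerCase();
    if (h.operation === 'remove') continue; // removing a header is not injection
    if (CREDENTIAL_HEADERS.has(name)) add('credential', `injects ${h.header} into outbound requests`);
    else if (CONTEXT_HEADERS.has(name)) add('context', `rewrites ${h.header}`);
  }
  if (!Array.isArray(cond.tabIds) || cond.tabIds.length === 0) {
    add('unscopedTab', 'no tabIds: applies to every tab');
  }
  // An absent or "*" urlFilter with no regexFilter/requestDomains matches every request.
  const urlUnrestricted = (!cond.urlFilter || cond.urlFilter === '*') && !cond.regexFilter
    && !(Array.isArray(cond.requestDomains) && cond.requestDomains.length);
  if (urlUnrestricted) add('allUrls', 'no URL restriction: matches every request');
  if (!Array.isArray(cond.resourceTypes) || cond.resourceTypes.length === 0) {
    add('allResourceTypes', 'no resourceTypes: matches every resource type');
  }
  return issues;
}

function auditDnrRules(rules) {
  return rules.flatMap(auditDnrRule);
}

// Returns a copy of `rule` constrained to one tab and one URL pattern. The
// header list is left untouched, so credential injection still shows up in
// the audit and still needs explicit user disclosure.
function scopeRuleToTab(rule, tabId, urlFilter) {
  return { ...rule, condition: { ...(rule.condition || {}), tabIds: [tabId], urlFilter } };
}

// Constructed sample: rule 1 is the broad "inject a Cookie everywhere" shape
// the findings warn about; rule 2 is a narrowly scoped Referer rewrite.
const SAMPLE_RULES = [
  { id: 1, priority: 1,
    action: { type: 'modifyHeaders', requestHeaders: [
      { header: 'Cookie', operation: 'set', value: 'session=REDACTED' },
      { header: 'Referer', operation: 'set', value: 'https://video.example.test/' } ] },
    condition: { urlFilter: '*', resourceTypes: ['xmlhttprequest', 'media', 'image'] } },
  { id: 2, priority: 1,
    action: { type: 'modifyHeaders', requestHeaders: [
      { header: 'Referer', operation: 'set', value: 'https://video.example.test/' } ] },
    condition: { urlFilter: '||cdn.example.test/segments/', resourceTypes: ['media'], tabIds: [42] } },
];
```

Run `auditDnrRules(SAMPLE_RULES)` against the rules an extension actually installs (for example, by dumping the result of `chrome.declarativeNetRequest.getSessionRules()` from the extension's service worker console) to see which rules are tab-scoped and which carry credentials. Scoping a rule with `scopeRuleToTab` removes the tab and URL findings but deliberately not the credential one.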

Context-Inappropriate Capability

Severity: High
Confidence: 97%
Finding
The code enumerates candidate keys extracted from page frames and brute-tests them against encrypted media segments to discover a working decryption key. This materially expands the tool from passive downloading to active circumvention of media protection and exposes secret key material obtained from page context, creating clear abuse and legal/compliance risk.

Context-Inappropriate Capability

Severity: Medium
Confidence: 87%
Finding
The library includes deliberate user-agent rotation labeled as anti-bot behavior, which is a stealth/evasion capability rather than a necessity for local filename handling or clip-log management. In a web-content grabbing skill, this increases the ability to bypass access controls or detection by target sites and makes misuse easier at scale.

Context-Inappropriate Capability

Severity: Medium
Confidence: 89%
Finding
The extractor intentionally disables common browser automation indicators using AutomationControlled suppression and navigator.webdriver tampering. In a content-capture skill, these evasion measures enable bypass of site bot-detection and make the tool more suitable for stealthy scraping against site controls, which increases abuse potential beyond the stated purpose.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding
The trigger phrases are very broad and overlap with common user intents like grabbing webpage content or downloading video, which increases the chance of accidental invocation. In a skill that performs network access, file output, monitoring, and downloads, unintended activation can lead to unexpected external requests, local file creation, or processing of sensitive URLs without deliberate user intent.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The skill describes impactful features like video downloading, PDF export, page monitoring, translation, and deep rendering without warning users about side effects such as external network requests, local storage changes, persistent monitoring, or potential handling of copyrighted/private content. Missing warnings reduce informed consent and make misuse or accidental privacy-impacting operation more likely.

Missing User Warnings

Severity: Medium
Confidence: 83%
Finding
The getPage handler returns either the full document HTML or the innerHTML of an arbitrary selector to whoever can message the content script through the extension channel. In a content-grabbing skill this is within functionality, but it is still sensitive because it can expose page contents, including user-visible or dynamically generated data, without any apparent user confirmation or minimization.

Missing User Warnings

Severity: High
Confidence: 95%
Finding
Page-provided keys are silently accepted and forwarded to extension/local components without user awareness, creating a hidden channel for sensitive data collection. In this skill context, which already focuses on extraction/download, that makes the behavior more dangerous because it can support covert recovery of protected media-related secrets beyond what users would reasonably expect.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The code persists full download task objects into localStorage, including URLs and potentially requestHeaders such as referer or other metadata supplied by the user or background page. In an extension context this creates durable retention of sensitive browsing and download information beyond the immediate task lifecycle, increasing exposure to other extension components, forensic recovery, or unintended reuse without any notice or minimization.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
This code transmits collected data to a configured endpoint without any visible disclosure, consent prompt, or indication in the file that the user is informed about destination, method, or payload contents. Even if intended for local workflow integration, silent forwarding of browsing-derived data is privacy-sensitive and becomes dangerous because the extension is a scraper/capture tool likely to process page URLs, titles, headers, and possibly other extracted content.
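The send2local finding above, the earlier one on the same function, and the localStorage-retention finding share two missing controls: nothing checks where forwarded data goes, and nothing strips cookies, Referer values or key material from a task before it is sent or stored. The following is an added example, not the extension's own code, of the two checks a practitioner would want: a destination gate that accepts only literal loopback endpoints over http(s), and a field allowlist applied both to the forwarded body and to what is written to storage. `FORWARD_FIELDS`, `buildLocalForward`, `minimizeTask`, `persistTask` and `SAMPLE_TASK` are assumptions made for illustration.

```javascript
// Added example (not the extension's own code): a destination check and a
// payload minimizer for a send-to-local forwarding path like the send2local
// finding describes, with the same minimizer applied before persisting a task
// to localStorage. FORWARD_FIELDS, the helper names and SAMPLE_TASK are
// constructed for illustration.

// Accept only literal loopback destinations over http(s). Hostnames that merely
// resolve to 127.0.0.1 are rejected, which also closes the DNS-rebinding case.
function isLoopbackDestination(endpoint) {
  let u;
  try { u = new URL(endpoint); } catch (e) { return false; }
  if (u.protocol !== 'http:' && u.protocol !== 'https:') return false;
  if (u.username || u.password) return false;
  const host = u.hostname.replace(/^\[|\]$/g, ''); // WHATWG URL keeps [] on IPv6 hosts
  if (host === 'localhost' || host === '::1') return true;
  return /^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(host); // parser normalizes 127.1, 0x7f.1, etc.
}

// Fields that may leave the extension or be written to durable storage.
// requestHeaders (Cookie, Referer), decryption keys and anything else attached
// to a task are never copied.
const FORWARD_FIELDS = ['title', 'url', 'type', 'size'];

function minimizeTask(task) {
  const out = {};
  for (const f of FORWARD_FIELDS) {
    if (task[f] !== undefined) out[f] = task[f];
  }
  return out;
}

// Returns a fetch-style request description, or null if the destination is
// not a loopback endpoint. The caller still has to show the user what is sent.
function buildLocalForward(config, task) {
  if (!isLoopbackDestination(config.endpoint)) return null;
  return {
    url: config.endpoint,
    method: 'POST',
    headers: { 'content-type': 'application/json' },
    body: JSON.stringify(minimizeTask(task)),
  };
}

// Persist the minimized task, not the raw one. `storage` is any object with
// setItem (window.localStorage in a browser). Returns what was stored.
function persistTask(storage, id, task) {
  const minimal = minimizeTask(task);
  storage.setItem(`task:${id}`, JSON.stringify(minimal));
  return minimal;
}

// Constructed sample task carrying the kind of sensitive material a downloader
// attaches; none of it should survive minimization.
const SAMPLE_TASK = {
  title: 'lecture-01',
  url: 'https://cdn.example.test/lecture-01.m3u8',
  type: 'hls',
  size: 734003200,
  requestHeaders: { Cookie: 'session=REDACTED', Referer: 'https://video.example.test/watch?id=1' },
  key: 'deadbeefdeadbeefdeadbeefdeadbeef',
};
```

The destination check is deliberately literal: a configured endpoint like `http://localhost.example.test/` or a hostname that happens to resolve to loopback is rejected, because the point of a send-to-local feature is that data does not leave the machine, and a DNS name cannot promise that. Anything more permissive should be treated as external transmission and disclosed as such.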

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The code explicitly propagates cookie/header data into modified outbound requests, which involves sensitive authentication material. Handling and replaying cookies without clear disclosure or strict controls can expose user sessions, enable unauthorized access to account-bound resources, and create a covert channel for credential misuse.

Missing User Warnings

Severity: High
Confidence: 96%
Finding
The code fetches encryption keys and renders them in the UI in both hex and base64, directly exposing sensitive decryption material to users and potentially to other components observing the page. In the context of a downloader, this makes protected media secrets trivially recoverable and facilitates unauthorized reuse beyond the original playback context.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The translation path sends extracted page content to the googletrans library, which in turn calls Google's public translation service, without any explicit user notice, consent, or data classification check. This can leak sensitive or copyrighted content captured from pages to a third party, creating a clear privacy and data-handling risk.

VirusTotal

66/66 vendors flagged this skill as clean.
