ClawHub

pepper-oil-scraper

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed industry web scraper, but it needs review because it supports broad multi-site crawling and anti-bot tactics without clear permission boundaries.

Install only if you intend to run a web crawler for this specific industry research task. Use a virtual environment instead of --break-system-packages, run narrow site/category crawls rather than --all by default, write outputs to a controlled directory, and do not use proxies, IP switching, or browser automation to bypass rate limits, captchas, login walls, Cloudflare blocks, robots.txt, or site terms.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill clearly describes code-capable behavior including network scraping and writing output files, but it declares no permissions or user-consent boundary. That mismatch can cause the agent to perform external requests and local writes without transparent authorization, increasing the chance of unintended data access, policy violations, or surprising side effects.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The activation text is overly broad, saying the skill should trigger even for generic requests like 'crawl data' or 'collect prices' whenever context loosely relates to the industry. This can cause the skill to activate for ordinary research tasks and initiate scraping behavior the user did not specifically request, leading to unnecessary network activity and data collection.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The documentation instructs multi-site scraping, file export, anti-crawl evasion, retries, randomized user agents, and proxy support without any visible warning, consent step, or terms-of-service compliance guidance. In context, this is more dangerous because it operationalizes high-volume network behavior and persistence to disk, which can violate site rules, mask automation, and create legal, operational, or trust risks for users and platforms.

Missing User Warnings

Low
Confidence
80% confidence
Finding
Modifying sys.path at runtime changes Python import resolution globally for the process and can cause unintended modules to be imported from attacker-controlled or unexpected local paths. In a plugin or agent environment where filesystem contents may be influenced by other components, this can enable import hijacking and execution of malicious code under the scraper's privileges.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal