adaptive-web-analyzer

Security checks across malware telemetry and agentic risk

Overview

This web analysis skill is not clearly malicious, but it asks for unnecessary local command/file permissions and handles authenticated web content in ways users should review carefully.

Review before installing. Use it only on sites and APIs you are authorized to crawl, avoid stealth or anti-bot modes unless you have permission, do not provide cookies or API tokens for sensitive systems, and remove or restrict file.write and system.exec if the platform allows it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Tp4

High
Category
MCP Tool Poisoning
Confidence
92% confidence
Finding
The skill's declared purpose understates materially riskier behavior: stealth scraping, anti-bot bypass, and dynamic rendering. That mismatch can mislead users and reviewers into authorizing broader collection capabilities than expected, increasing the chance of covert data gathering, policy evasion, or unintended interaction with protected content.

Context-Inappropriate Capability

Medium
Confidence
85% confidence
Finding
file.write is not justified by the documented behavior, so it is an unnecessary privilege. While lower impact than system.exec, it could still allow unintended persistence of scraped or sensitive data to disk if later used or abused.

Context-Inappropriate Capability

Low
Confidence
85% confidence
Finding
file.write is not justified by the documented behavior, so it is an unnecessary privilege. While lower impact than system.exec, it could still allow unintended persistence of scraped or sensitive data to disk if later used or abused.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill describes fetching arbitrary web/API content and sending extracted text to an LLM without warning that third-party processing may occur. This can expose confidential page data, API responses, tokens embedded in content, or regulated information to downstream model providers or logs without informed user consent.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill invites use of custom headers/auth while also holding elevated permissions, but does not warn about credential handling, storage, logging, or misuse risk. In a web-scraping context, users may supply session cookies, API keys, or bearer tokens that could then be exposed to the model, logs, or unintended destinations.

Ssd 3

Medium
Confidence
95% confidence
Finding
Sending scraped text directly to an LLM and optionally returning raw-content previews can leak sensitive information from pages or APIs into model inputs and user-visible outputs. In this skill's context, the risk is elevated because the tool supports authenticated/API fetching and broad content extraction, making accidental disclosure of private or proprietary data more likely.

Ssd 3

Medium
Confidence
98% confidence
Finding
The skill forwards raw scraped page text and full metadata directly into an LLM prompt, which can disclose sensitive page contents, tokens, personal data, or proprietary material to downstream model processing. In this skill's context, the risk is elevated because it is specifically designed to fetch arbitrary web/API content and then relay it to an LLM, making unintended data exposure a core execution path rather than an edge case.

VirusTotal

66/66 vendors flagged this skill as clean.
