Security audit

deep-scraper

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Docker/Playwright web scraper, not evident malware, but it has broad URL-scraping power and should only be used on public pages you are authorized to scrape.

Install only if you need a broad scraping tool and can supply or review the missing Docker build context. Use it only for public, authorized content; do not point it at logged-in pages, localhost/private-network addresses, internal tools, or sites whose rules prohibit this scraping. Run it without privileged Docker options and treat scraped output as untrusted text.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Intent-Code Divergence

Medium

Confidence: 88% confidence
Finding: When transcript capture fails, the code silently falls back to scraping and returning the page description. This broadens data collection beyond the apparent transcript-focused purpose, creating a mismatch between expected and actual behavior that can expose unrelated page content and undermine least-privilege data handling.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill explicitly promotes a Dockerized browser automation stack to scrape complex sites and 'penetrate protections' without presenting a clear user warning about legal, policy, and operational risks. In this context, the omission is security-relevant because users may be encouraged to run tooling that bypasses anti-bot controls or access restrictions, increasing the chance of unauthorized scraping, account blocks, or misuse of the host/container environment.

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The script performs outbound browsing and then fetches an intercepted page-derived URL without validating destination scope or warning the user about what external requests will occur. In a skill/execution environment, this can enable unintended data collection from arbitrary user-supplied targets and broadens SSRF-like risk because the crawler will visit whatever URL it is given and issue additional requests based on page activity.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The package description explicitly advertises scraping of YouTube, X/Twitter, dynamic SPAs, and "raw API interception," which are high-risk behaviors with potential legal, privacy, and platform-abuse implications. In a skill ecosystem, the lack of any disclosure, consent boundaries, or usage restrictions increases the chance that users deploy it for unauthorized data collection or interception without understanding the risk.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal