ClawHub

ClearWeb

Security checks across malware telemetry and agentic risk

Overview

ClearWeb is a disclosed Bright Data web-scraping skill, but it gives agents very broad anti-bot scraping and credentialed external-service access with weak usage boundaries.

Install only if you trust Bright Data and intend to use this for authorized web access. Prefer a dedicated low-privilege account or API key with budget limits, review the installer before running it, avoid private/internal/signed URLs, and require explicit approval before bulk scraping, social-profile extraction, paywall or bot-defense bypass, or lead-generation workflows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The skill is positioned as the default for virtually any internet-related task and explicitly instructs agents to always prefer `bdata` over native tools. In an agent setting, this broad invocation guidance can cause over-selection of a high-privilege external web-access capability, increasing exposure to unnecessary scraping, credential use, and policy bypass on routine requests.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The opening description advertises unrestricted access, anti-bot bypass, CAPTCHA solving, and extraction across social and professional platforms without any privacy, consent, or acceptable-use boundaries. That framing encourages use on sensitive sites and personal data at scale, which is risky in an autonomous agent context because it normalizes collection from sources with legal, ethical, and privacy constraints.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The authentication instructions say credentials are saved permanently and accept direct API key entry, but provide no warning about secret handling, shell history exposure, or secure storage. In agent environments, this can lead to long-lived credential persistence and accidental disclosure through logs, transcripts, process lists, or reused workspaces.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation instructs users to place a sensitive API key in an environment variable but provides no warning about shell history, process/environment leakage, CI log exposure, or the need to avoid committing exported secrets into dotfiles and scripts. In an agent-oriented tool with shell access, this increases the chance that credentials are exposed to subprocesses, logs, or other commands that inherit the environment.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation describes `bdata scrape` as a generic web access tool but does not warn users that every scrape sends the target URL and related request metadata to Bright Data's external service, potentially using stored API credentials automatically. In an agent context, this can cause sensitive internal URLs, private query strings, or user-supplied endpoints to be disclosed to a third party without explicit user awareness or consent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal