Scrapinghub

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Scrapinghub integration that is disclosed, but it requires trusting Membrane with authenticated Scrapinghub access.

Install only if you are comfortable using Membrane as an intermediary for Scrapinghub. Prefer discovered Membrane actions, review the exact request before POST, PUT, PATCH, or DELETE, and do not send secrets or workspace data in headers, query parameters, paths, or request bodies unless the user explicitly approves it for the Scrapinghub task.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 83% confidence
Finding: The proxy request section tells the agent how to send arbitrary requests to an external service but does not explicitly warn that request paths, headers, query parameters, and bodies may transmit user or workspace data off-platform. In an agent setting, that omission increases the chance of accidental data exfiltration or unsafe transmission of sensitive content through a generic proxy mechanism.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal