ClawHub

THE_TIME_MASHEEN

Security checks across malware telemetry and agentic risk

Overview

This is a real web-scraping and browser-automation skill, but it promotes protected-site, paywalled, login-gated, and Cloudflare-bypass workflows without enough safeguards.

Install only if you specifically need advanced scraping and browser automation. Use it only on sites and accounts where you have authorization, avoid paywall or anti-bot bypass unless explicitly permitted, use isolated browser profiles or low-privilege accounts, and inspect or pin the installer and dependencies before running setup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The security section makes a materially misleading claim that 'All data stays local' even though the documented workflow explicitly sends requests, URLs, page contents, credentials, and session-bearing browser traffic to external sites such as target websites and archive APIs. Misrepresenting data flow can cause users to handle sensitive information under false assumptions, increasing the risk of privacy, compliance, and credential-exposure incidents.

Context-Inappropriate Capability

High
Confidence
95% confidence
Finding
The embedded 'CLI-Anything' section expands the skill from scoped web scraping and browser automation into generating CLIs for arbitrary software, which is unrelated and dramatically broadens operational capability. That creates a privilege and supply-chain risk because users may invoke an installer/plugin workflow or agent-generated harness against local applications without the security review, sandboxing, or scope limitations expected from this skill.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The README describes use cases in vague, expansive language like getting 'all the stuff' from websites, including changed, gone, or protected sites, without clear boundaries on authorized use. In an agent skill context, this ambiguity can cause overbroad activation and normalize scraping targets or workflows that exceed intended permissions, increasing the chance of misuse.

Missing User Warnings

High
Confidence
98% confidence
Finding
The README includes a command specifically framed as handling sites that are 'greedy about it's stuff' using 'stealthy-fetch' with '--solve-cloudflare', which explicitly suggests bypassing anti-bot or access protections. Providing such instructions without legal, ethical, privacy, or operational safeguards is dangerous because it can enable unauthorized access attempts, trigger abuse against third-party sites, and expose users or downstream agents to policy and compliance violations.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The manifest description uses very broad triggers such as 'scrape this', 'extract data from', and 'browser automation', making accidental or inappropriate activation more likely in routine conversations. In this context, over-broad routing is dangerous because the skill includes login automation, paywalled-content access, Cloudflare bypass language, and historical scraping, so unintended activation could steer benign requests into sensitive operations.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The script performs system-affecting changes by globally installing an npm package and downloading Playwright browser binaries without an explicit warning, confirmation prompt, or scoped install location. While common for setup scripts, this can unexpectedly modify the host environment, consume significant disk space, and introduce supply-chain risk if users run the script without understanding the changes.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal