ClawHub

Data Scraper

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward web-scraping skill with expected network fetching and local event writes, but users should handle URLs, stored scrape data, and optional credentials carefully.

Install only if you need a basic scraper. Scrape public or clearly authorized pages, avoid internal/private URLs, do not provide cookies or bearer tokens unless the target domain is trusted, and review/delete stored scrape events or memory files if the URLs or content are sensitive. Do not rely on the documented batch, robots.txt, retry, or watch safeguards unless an implementation beyond the supplied run.sh is provided.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill advertises shell-based web scraping commands but declares no permissions, creating a mismatch between documented capabilities and the security model. That can cause the host or user to invoke network-capable shell operations without clear review or sandbox expectations, increasing the chance of unintended external requests or unsafe command composition in downstream implementations.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger phrases are broad, generic terms such as '스크래핑', '데이터 수집', and 'scrape', which can cause the skill to activate in situations where the user did not clearly intend network retrieval and file-writing behavior. In this skill's context, unintended activation is more concerning because the documented workflow performs external requests and persists results to local storage and event files.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The guide documents downloading remote content with curl and saving outputs under memory/ and events/, but it does not prominently present these as potentially sensitive actions requiring explicit user awareness and consent. This can lead to users unknowingly triggering outbound requests and persistent storage of collected data, increasing privacy, compliance, and unintended-side-effect risks.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly supports passing Authorization headers and cookies to arbitrary URLs without warning that these values are sensitive secrets transmitted to remote servers. In an agent setting, this can lead to credential leakage, accidental reuse of session tokens on untrusted domains, or users being socially engineered into supplying secrets for scraping tasks.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal