ClawHub

HTML Extract

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed HTML-to-Markdown helper that uses the MinerU CLI and token, with no evidence of hidden or unrelated behavior.

Install only if you trust MinerU and the mineru-open-api CLI. Do not process confidential HTML, intranet pages, authenticated URLs, or proprietary content unless you are comfortable sending that material through MinerU with your token.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
83% confidence
Finding
The skill description includes broad trigger phrases such as 'read this HTML file', 'parse this web page', and 'get text from a web page', which can match many ordinary user requests and cause the agent to invoke this skill when the user did not explicitly consent to using an external service. Because the skill supports remote URLs and requires a token-backed third-party API, overbroad routing increases the chance of unintended data disclosure or unnecessary external requests.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs users to run extraction and crawl operations on remote URLs but does not clearly warn that the target URL and fetched content will be processed by the external MinerU service using the configured API token. In an agent setting, this can lead to silent transmission of sensitive internal URLs, authenticated resources, or proprietary page content to a third party without informed user approval.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal