Scrapling AI

Security checks across malware telemetry and agentic risk

Overview

This scraping helper is coherent, but it needs review because it explicitly promotes bypassing Cloudflare, CAPTCHA, and bot-detection protections without clear authorization limits.

Install only if you need this scraper and will use it on sites you own or are clearly authorized to scrape. Do not use the bypass examples against protected sites without permission; review the external Scrapling package before installing, handle scraped data carefully, and keep any MCP server limited to trusted local clients.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly promotes bypassing Cloudflare, captcha, and bot detection without any warning about authorization, terms-of-service, privacy, or legal constraints. In an agent context, this can normalize evasive scraping against protected sites and increase the chance of unauthorized collection, policy violations, or access to data the operator should not be attempting to retrieve.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal