Web Crawl

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed web-crawling research helper whose network access is expected for its purpose, with some setup and URL-safety caveats.

Install only if you want an agent to run local Python crawler code and fetch web pages for research. Review URLs before crawling, avoid internal or sensitive network addresses unless intentional, and treat fetched webpage text as untrusted source material rather than instructions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill advertises and relies on network-capable tooling (`web_crawl`, `parallel_crawl`, `research_topic`) but does not declare corresponding permissions. That creates a governance gap: the skill can cause outbound requests without explicit user-visible permission scoping, increasing the risk of unintended data access, SSRF-like behavior through user-supplied URLs, or policy bypass in environments that depend on manifest permissions for enforcement.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The activation keywords include broad terms such as `research`, `研究`, and `analyze website`, which can match many ordinary requests and trigger this networked skill more often than users expect. In a skill that performs web crawling, overbroad activation expands the chance of unintended external requests, data exposure to third-party sites, and misuse in contexts where a simpler local answer would have been safer.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
`analyze_website` accepts an arbitrary URL and passes it directly to `crawler.crawl`, causing outbound network access to attacker-controlled destinations without validation or explicit safety controls. In an agent skill context, this can enable SSRF-style access to internal services, cloud metadata endpoints, localhost-only apps, or other sensitive network locations if the crawler follows the request from a privileged environment.

VirusTotal

61/61 vendors flagged this skill as clean.
