Back to skill

Security audit

Crawl4AI Web Crawler

Security checks across malware telemetry and agentic risk

Overview

This appears to be a purpose-aligned web-crawling skill, but users should be careful with private pages, browser profiles, screenshots, proxies, and LLM extraction.

Install only if you intend to let the agent perform web crawling. Avoid using persistent browser profiles tied to personal accounts, do not crawl private or authenticated pages unless explicitly authorized, and remember that screenshots or extracted content may include secrets or be sent to third-party LLM providers depending on how you configure it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger words are broad and open-ended, including generic terms like "scrape," "crawl," and "extract webpage," which can cause the skill to activate in situations the user did not clearly intend. In an agent environment, overbroad routing increases the chance of unintended web access, data collection, or use of browser automation when a narrower or safer skill should have been chosen.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill documents capabilities that can collect and transmit sensitive data, including screenshots, proxy usage, persistent browser profiles, managed browsers, and LLM-based extraction with third-party providers, but it does not warn about credential exposure, session leakage, privacy, or external data transfer risks. In a skill meant for autonomous or semi-autonomous agents, this omission materially increases the likelihood of unsafe use against authenticated pages, personal data, or confidential content.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.