SeaPortal

Security checks across malware telemetry and agentic risk

Overview

SeaPortal is a coherent web-fetching skill, but users should know it writes fetched output locally by default and advertises TLS fingerprinting that can bypass some bot detection.

Install only if you are comfortable with a third-party web-fetching CLI. Use it on sites you are authorized to access, prefer --respect-robots and rate limits for crawling, and use --json or --snapshot when you do not want fetched page contents written into ./renders/seaportal.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium, 88% confidence
Finding
The skill is presented as a read-only web navigation tool, but default operation also writes fetched content and metadata to the local filesystem. In agent environments, implicit disk writes can leak sensitive fetched data, overwrite files in shared workspaces, or violate assumptions that the tool has no local side effects.

Intent-Code Divergence

Medium, 86% confidence
Finding
Calling the tool 'read-only' is misleading when it performs local writes by default, because operators and agents may grant it broader trust under the assumption it has no side effects. This kind of semantic mismatch increases the risk of unreviewed use in restricted environments and accidental persistence of potentially sensitive content.

Natural-Language Policy Violations

Medium, 84% confidence
Finding
The documentation explicitly promotes using a Chrome TLS fingerprint to bypass bot-detection, which facilitates deceptive access patterns and can help evade site defenses. In an agent skill, this raises abuse potential because it normalizes anti-detection behavior as a built-in feature rather than a clearly constrained compatibility measure.

VirusTotal

64/64 vendors flagged this skill as clean.
