Back to skill

Security audit

Scrapling

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed web-scraping helper with expected network, browser, session, and local parsing behavior, but users should be careful with credentials, protected sites, and saved page data.

Install dependencies in an isolated environment, scrape only sites you are authorized to access, avoid giving real account credentials unless necessary, and disable or clear saved sessions/DOM snapshots when handling private pages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill clearly enables network access and references local files/scripts, yet the metadata does not declare permissions. Hidden or undeclared capabilities make it harder for a host system or reviewer to apply least-privilege controls and can lead to unexpected scraping or local file access when the skill is invoked. In a scraping skill, this mismatch is more dangerous because broad web access is the core function and may be triggered frequently.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The description is broad enough to match many ordinary requests involving websites, crawling, extraction, or automation, which can cause the skill to be selected in situations the user did not clearly intend. Overbroad routing increases the chance of unnecessary network access, scraping of sensitive targets, or use of stealth/anti-bot features in contexts that deserve more scrutiny. Because this skill includes dynamic and stealth fetchers, overly generic invocation criteria make misapplication more risky than for a narrowly scoped utility.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill promotes session persistence, cookie handling, and login submission but does not include safeguards for secrets, privacy, or authorization. This can normalize collecting user credentials, storing authenticated cookies, or scraping private account data without clear consent and retention limits. In a web scraping skill, authenticated sessions materially increase access to sensitive data, making the omission more dangerous than a simple public-page scraper.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The listed trigger phrases are broad enough to match many ordinary user requests, which can cause the agent to invoke this skill in situations where the user did not clearly consent to web scraping, crawling, or automated collection. Because this skill can perform external network access, anti-bot evasion, and site crawling, over-broad routing increases the chance of unintended or policy-violating actions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The examples demonstrate live network fetching and writing output files without any warning that these actions contact external systems or modify local storage. In an agent setting, this can lead to surprising side effects, accidental data exfiltration to third-party sites via requests, or unreviewed file creation when the skill is auto-selected from natural-language prompts.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.