Opengraph Io

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims, but it gives an AI assistant broad third-party web scraping and proxy guidance without enough privacy, authorization, or anti-evasion guardrails.

Review before installing. Use it only for public or clearly authorized URLs, avoid sending private/internal links, session-bound pages, secrets, personal data, or confidential prompts to OpenGraph.io, and do not enable proxy or auto-proxy features to bypass site controls, rate limits, paywalls, geo-restrictions, or bot protections. If using the optional MCP setup, verify the npm package and consider pinning a version.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (9)

Context-Inappropriate Capability

Medium

Confidence: 92% confidence
Finding: The examples explicitly promote scraping via a residential proxy to avoid geo-blocking, rate limiting, and bot detection. In the context of a URL-processing and scraping skill, this meaningfully increases misuse risk by normalizing evasive collection techniques that can facilitate access-control circumvention and scraping against site restrictions or terms.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The README explicitly promotes scraping, screenshots, element extraction, and AI querying of arbitrary webpages, but does not warn users that page contents and URLs are sent to a third-party service and may contain private, regulated, or copyrighted data. In a skill designed for URL handling, this omission increases the risk of users unknowingly transmitting sensitive internal links, authenticated content, or personal data to an external processor.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The proxy scraping example specifically advertises residential proxy use for geo-restricted or bot-protected sites without any caution about legality, terms-of-service, privacy, or authorization boundaries. That framing can normalize bypass behavior and encourage use against sites that actively restrict access, creating elevated legal, compliance, and misuse risk.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill encourages sending user-provided URLs, scraped page content, screenshots, and prompts to OpenGraph.io but does not clearly disclose this third-party data transmission near the usage guidance. In an agent context, users may supply private or internal URLs, so lack of disclosure can cause unintended exfiltration of sensitive data to an external service.

Missing User Warnings

Low

Confidence: 82% confidence
Finding: The setup instructions show how to place the API credential in config files and environment variables, but they do not include basic secret-handling guidance. This can lead to accidental exposure through shell history, checked-in config files, logs, screenshots, or shared workstation profiles.

Vague Triggers

Medium

Confidence: 85% confidence
Finding: The manifest uses very broad triggers like 'generate a diagram' and 'create a social card', which can cause the skill to activate for generic requests that do not imply consent to use OpenGraph.io. In an agent ecosystem, overbroad triggering can route unrelated user content to this third-party service unexpectedly.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The document describes using a residential proxy to bypass bot detection and geo-restrictions without any warning about legal, contractual, or policy constraints. That omission is dangerous because it presents potentially non-compliant scraping behavior as an endorsed workflow, lowering friction for abusive or unauthorized use of the skill.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The document encourages agents to send arbitrary target URLs and potentially full page content to external OpenGraph.io endpoints for scraping, screenshots, extraction, and AI querying, but it does not warn that these actions disclose the target URL and retrieved content to a third-party service. In an agent context, this can lead to unintended exfiltration of sensitive internal URLs, private documents, intranet pages, or user-provided links, especially because the skill is explicitly optimized for autonomous AI use.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: This documentation encourages use of `full_render=true`, `use_proxy=true`, and `auto_proxy=true` for scraping difficult sites, but it does not warn that target URLs and retrieved content may be transmitted through third-party infrastructure or accessed via proxy/headless browser systems. In a skill explicitly designed to scrape URLs, capture screenshots, and extract page content, that omission can cause users to unknowingly send sensitive internal, authenticated, or private URLs to external services.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal