Back to skill

Security audit

Opengraph Io

Security checks across malware telemetry and agentic risk

Overview

This skill largely does what it claims, but its documentation enables broad third-party scraping and proxy use without enough privacy, authorization, or anti-evasion guardrails.

Review before installing. Use this only for public or clearly authorized URLs, avoid sending internal links, signed URLs, secrets, private documents, authenticated pages, personal data, or confidential prompts to OpenGraph.io, and do not use proxy or auto-proxy features to bypass site controls, bot protections, paywalls, rate limits, or geo-restrictions. If using the optional MCP setup, verify the npm package and consider pinning a trusted version.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The example explicitly promotes scraping through a residential proxy to avoid geo-blocking, rate limiting, and bot detection. That goes beyond ordinary URL metadata extraction and normal scraping guidance and materially enables users to evade access controls, increasing the likelihood of abusive or unauthorized collection activity.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README explicitly promotes scraping, screenshot capture, querying arbitrary webpages, and later proxy-enabled scraping, but it provides no guidance on authorization, privacy, terms-of-service, or handling of captured third-party data. In an agent skill context, this omission can normalize collecting sensitive page content or bypassing site controls, increasing the risk of misuse against external sites and accidental exfiltration of private information.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger phrases are broad enough to match many ordinary URL- or content-related requests, which can cause the skill to activate unexpectedly and route user tasks through an external service. In this skill’s context, that increases the chance of inadvertent disclosure of user-supplied URLs, page contents, or generated artifacts to OpenGraph.io without the user clearly intending to use that provider.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill does not prominently warn that user-provided URLs, scraped HTML, screenshots, and page-query content are transmitted to a third-party API. Because the skill handles webpage retrieval, scraping, screenshots, and AI querying, this omission can lead to unintended sharing of sensitive links, internal endpoints, or confidential page content with an external service.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation shows proxy-enabled scraping of a third-party site and lists misuse-oriented use cases without any warning about permission, terms of service, privacy, or legal constraints. In a skill that helps fetch and scrape URLs, this omission makes unsafe behavior easier to normalize and operationalize for end users.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The guide instructs agents to send arbitrary user-supplied URLs and potentially page contents to OpenGraph.io endpoints for scraping, screenshots, extraction, and page querying, but it does not disclose that this shares the target URL and fetched content with a third-party service. In an agent setting, this can lead to unintended exfiltration of sensitive internal URLs, private documents, tokens embedded in query strings, or confidential page content if the agent is asked to process non-public resources.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation instructs users to send arbitrary target URLs to OpenGraph.io, a third-party service, without warning that the destination URL itself may contain sensitive data, internal hostnames, private query parameters, or user-specific tokens. In a skill specifically designed for scraping, screenshotting, and webpage analysis, this omission increases the risk of inadvertent disclosure of sensitive browsing targets or confidential links to an external processor.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The guidance recommends `full_render=true`, `use_proxy=true`, and `auto_proxy=true` for difficult sites but does not explain the privacy and data-handling implications of rendering third-party pages and routing requests through proxy infrastructure. In the context of a web-scraping skill, this can cause users to unknowingly submit sensitive targets or content to additional processing layers, increasing exposure of confidential URLs, page contents, and access patterns.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The guide tells users to include the full API request and full response body when reporting issues, but only mentions redacting the app_id. Full requests/responses can contain sensitive URLs, query parameters, headers, cookies, scraped page content, or metadata from private or internal resources, which could lead to unintended disclosure during support escalation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.