ClawHub

Web fetch markdown of page

Security checks across malware telemetry and agentic risk

Overview

This skill is a small instruction-only helper for fetching public web pages through jina.ai as condensed markdown, with the main caution being third-party privacy exposure for sensitive URLs.

Use this skill for public pages, documentation, and articles where condensed markdown is useful. Avoid using it with private dashboards, authenticated pages, localhost or intranet URLs, signed links, or URLs containing tokens unless you intentionally want jina.ai to receive and process that URL and page content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The skill description uses broad trigger phrases like "fetch as markdown," "reduce tokens," and general web-fetching scenarios, which can cause the agent to invoke this skill in situations where the user did not explicitly consent to routing the request through jina.ai. Because the skill sends requested URLs to an external proxy service, overbroad activation increases the chance of unintended third-party disclosure of user-provided URLs and fetched content.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to transform any requested URL into a `https://r.jina.ai/<original-url>` request without warning that the target URL and resulting content are sent through a third-party proxy. This creates a privacy and data-handling risk, especially if users provide sensitive, internal, tokenized, or otherwise non-public URLs that would be disclosed to an external service outside the primary fetch path.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal