ClawHub

Anycrawl

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed wrapper for AnyCrawl web search and scraping, with expected network access, local output, and API-key authentication.

Before installing, verify the AnyCrawl npm package and publisher, protect and rotate your API key as needed, avoid crawling sensitive sites unless necessary, keep .anycrawl/ out of version control, and treat scraped page text as untrusted content rather than instructions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The skill description and command guidance are broad enough to match many generic web-related requests, which can cause the agent to invoke a network-capable scraping tool more often than necessary. That increases the chance of unnecessary external access, unintended data retrieval, and over-collection when a narrower or non-network tool would have sufficed.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The skill instructs the agent to write crawl results to a local directory without warning the user that files will be created and retained on disk. In environments handling sensitive URLs or scraped content, this can leave behind unexpected local artifacts, creating privacy, data retention, and workspace contamination risks.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The installation instructions tell users to globally install and authenticate a third-party CLI that stores credentials locally, but they do not warn about the trust boundary, credential storage location, or the risks of running unaudited code from npm. In a skill that may be followed by an agent or operator, this increases the chance of unnecessary credential exposure and unsafe system modification without informed consent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal