ClawHub

media-crawler-local

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a transparent helper for a user-run local media crawler, with cautions around cookies and keeping the service URL local.

Install only if you trust and intentionally run the local media-agent-crawler service. Keep BIL_CRAWL_URL set to localhost or 127.0.0.1, treat cookies as account secrets, and use the generic MCP helper only for the documented crawler and archive tools.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill clearly directs the agent to use shell and environment-variable-driven behavior, but it does not declare those capabilities. Undeclared execution and env access reduce transparency and bypass least-privilege expectations, making it easier for the skill to perform actions users or the platform may not anticipate.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The declared purpose is content collection, but the documented behavior also includes archive enumeration, task-data retrieval, and generic MCP tool invocation that can call arbitrary tool names. This expands the reachable attack surface beyond the stated scope and could expose additional local service functionality or stored data without clear user expectation.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The script's purpose and description say it should talk to a local crawler service, but it accepts an arbitrary base URL from argv or the BIL_CRAWL_URL environment variable with no validation. That allows the skill to send requests and user-supplied crawl targets to non-local endpoints, which can enable unintended data egress, SSRF-like behavior via attacker-controlled services, or abuse of trust in a supposedly local-only integration.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill encourages passing optional cookies to the local crawler service but does not prominently warn that session cookies may carry authenticated browsing context and sensitive account access. Even though the endpoint is localhost, this still transmits sensitive credentials into another process where they may be logged, persisted, or misused.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal