ClawHub

Scrapeless LLM Chat Scraper Skill

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Scrapeless API wrapper, but users should know their prompts are sent to Scrapeless and may involve provider policy or privacy considerations.

Install only if you trust Scrapeless with the prompts and returned task data. Do not send secrets, regulated personal data, or confidential business conversations unless you have approval, keep X_API_TOKEN scoped and protected, monitor API usage, and install the Python dependencies in an isolated environment with reviewed or pinned versions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill declares environment credentials and instructs users to run a Python script that performs networked scraping, but it does not declare permissions for env, network, or shell access. This weakens trust boundaries and informed consent because users and platforms cannot accurately evaluate what the skill is capable of before execution.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The README explicitly promotes scraping AI chat conversations across multiple providers and mentions proxy-based collection, but it does not warn users about privacy, consent, retention, or platform terms-of-service risks. In a skill intended for automation agents, this omission can normalize collection of potentially sensitive conversational content and increase the likelihood of misuse or non-compliant deployments.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill sends user prompts and potentially sensitive conversation content to a third-party scraping API, but the description does not clearly warn users that their data leaves the local environment and is processed by Scrapeless. Because this skill is specifically designed to scrape AI chat conversations, the context makes the omission more dangerous: users may inadvertently transmit confidential chats, credentials, personal data, or proprietary information.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The tool sends the user-supplied prompt to a third-party scraping service without any explicit consent prompt, warning, or data handling notice at the point of use. If users include secrets, personal data, internal prompts, or proprietary content, that information is disclosed to an external provider and may be logged, retained, or processed outside the user's expectations.

Natural-Language Policy Violations

Medium
Confidence
76% confidence
Finding
Defaulting the country to `US` is not a classic exploit primitive, but it is a genuine privacy and correctness issue because it silently imposes a locale the user may not intend. In a scraping context, locale affects provider behavior, routing, and returned content, so silent defaults can misrepresent user intent and alter data handling characteristics.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
python-dotenv>=1.0.0
Confidence
94% confidence
Finding
requests>=2.31.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
python-dotenv>=1.0.0
Confidence
93% confidence
Finding
python-dotenv>=1.0.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
82% confidence
Finding
requests

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal