ClawHub

Scrapeless Scraping Browser Skill

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Scrapeless cloud-browser automation skill, but it gives broad web automation, proxy, anti-detection, recording, cookie/storage, and live-preview powers without enough user-control guardrails.

Install only if you deliberately need Scrapeless cloud browser automation. Use it only on websites you are authorized to automate, avoid proxy or anti-detection features unless clearly permitted, do not run it on sensitive logged-in accounts without explicit need, keep recordings off by default, protect the Scrapeless API key and proxy credentials, and treat cookies, localStorage output, screenshots, and live preview URLs as sensitive secrets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger language is extremely broad and includes ordinary browsing requests plus high-risk phrases like 'use a proxy' and 'bypass detection.' In an agent ecosystem, this can cause the skill to activate for routine user intents or evasive scraping scenarios, increasing the chance of unintended external browsing, proxy use, and interaction with untrusted websites.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill promotes session recording for debugging but does not clearly warn that page contents, credentials, PII, and other sensitive browser activity may be captured and retained by a remote service. In this cloud-browser context, that omission is materially risky because recording expands the scope of remote data exposure beyond normal page interaction.

Missing User Warnings

Low
Confidence
87% confidence
Finding
The authentication section instructs users to persist an API token in config or environment variables without emphasizing that it is a sensitive secret. While common operational guidance, the omission can lead to accidental disclosure through shell history, shared home directories, logs, or screenshots.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger list is broad and includes generic phrases like "open a website," "click a button," and "browser automation," which can match many ordinary user requests and cause the skill to be invoked when a narrower or safer tool would be more appropriate. In this skill, that risk is amplified because the capability includes cloud browsers, residential proxies, scraping, and anti-detection behavior, so accidental invocation could enable higher-risk web interaction than the user intended.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The description defines the skill in very expansive terms, covering nearly any website interaction including form filling, clicking, screenshots, extraction, testing, proxies, and anti-detection features. That ambiguity increases the chance that routing logic will treat many common web tasks as eligible for this skill, unnecessarily exposing powerful automation and evasive capabilities in contexts where they may be inappropriate or unauthorized.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal