Back to skill

Security audit

Scrapfly Agent Rules

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed browser-automation helper, but it can act through logged-in sessions and handle an API key without a clear approval boundary for actions that may change accounts or websites.

Install only if you trust the publisher and intend to let the agent operate Ziniao Browser with your logged-in sessions. Treat it like granting remote-control access to a browser profile: avoid using it for purchases, account changes, messages, or sensitive sites unless you explicitly confirm each action, and review how the ZCLAW_API_KEY is stored and rotated.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly tells the agent to act on user requests without first asking permission before an 'obvious first step,' while also enabling stateful browser interactions such as clicking, form filling, and login. In this context, that can cause the agent to perform live site actions with side effects—submitting forms, initiating logins, or changing remote state—without explicit user confirmation or a safety boundary distinguishing read-only from mutating actions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.