Back to skill

Security audit

Scrapfly CLI

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent guide for using Scrapfly’s web scraping and browser automation CLI, with important but disclosed third-party service and session-persistence risks.

Install only if you intend to use Scrapfly as a remote scraping/browser service. Use least-privilege API keys, avoid entering sensitive account credentials into remote browser sessions unless necessary, close browser sessions after use, and clean up local output files or recurring schedules that may contain private scraped data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger text is overly broad because it activates for essentially any task involving the `scrapfly` command, including high-risk scraping, anti-bot bypass, and browser automation scenarios. In an agent environment, broad activation increases the chance the skill is invoked without adequate user intent verification or policy checks, causing unintended remote actions and data transmission.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This section describes storing API keys in environment variables or persisted config and transmitting requests to Scrapfly services, but it does not warn that page contents, credentials entered during browser automation, and session data may be sent to and retained by a third-party service. Users and calling agents may therefore expose secrets or regulated data without informed consent.

Missing User Warnings

Low
Confidence
83% confidence
Finding
The examples show persistent browser daemons, cookies/tabs surviving across calls, and writes to local files, but provide no warning that these actions can retain authenticated session state and sensitive page content on disk. In multi-step agent workflows, that can lead to accidental leakage or reuse of credentials, tokens, or scraped private data.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.