Webfetch Md

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it fetches a user-provided webpage and converts it to Markdown, with no evidence of hidden persistence, credential access, or exfiltration.

Install only if you want an agent-accessible tool that retrieves URLs you provide and returns their page content as Markdown. Do not use it on localhost, private network, cloud metadata, admin, or sensitive internal URLs unless that access is intentional, and treat returned webpage text as untrusted content rather than instructions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Vague Triggers

Medium
Confidence
88% confidence
Finding
Describing the tool as able to fetch 'any webpage' creates an overly broad operational scope with no documented restrictions on internal hosts, localhost, link-local addresses, or sensitive endpoints. In practice, such unconstrained URL fetching can enable SSRF-style access paths or retrieval of untrusted content from dangerous locations if invoked by an agent or user with insufficient guardrails.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation does not clearly warn users that invoking the skill causes outbound network requests to remote sites. This lack of notice is risky because users may unknowingly transmit request metadata to third parties or use the tool in environments where external access is sensitive or prohibited.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill performs arbitrary outbound requests to user-supplied URLs without any disclosure, consent gate, or restriction on destinations. In an agent environment this can expose the user's IP/network context to third parties, trigger requests to sensitive internal endpoints, and create SSRF-style access to internal services if the runtime has privileged network reachability.

Natural-Language Policy Violations

Medium
Confidence
87% confidence
Finding
The code hardcodes Accept-Language to prefer zh-CN without user opt-in, which can misrepresent the user's locale and unnecessarily leak a regional preference to remote sites or impose one on them. While not severe on its own, it can affect returned content, influence tracking/fingerprinting, and create privacy or compliance concerns in contexts where locale should reflect user choice.

Unpinned Dependencies

Low
Category
Supply Chain
Content
"test": "node test.js"
  },
  "dependencies": {
    "turndown": "^7.1.2",
    "cheerio": "^1.0.0-rc.12"
  }
}
Confidence
91% confidence
Finding
"turndown": "^7.1.2"

VirusTotal

64/64 vendors flagged this skill as clean.