Scrapling Fetch Basic

Security checks across malware telemetry and agentic risk

Overview

This is a user-run web scraping helper with an optional stealth mode, and the reviewed files do not show hidden data access, persistence, or destructive behavior.

Install only if you need a scraping utility and can manage its Python dependencies. Use stealth mode only on sites you are authorized to access and where scraping complies with applicable terms and law. Treat fetched page text as untrusted content before asking an agent to summarize or act on it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill explicitly advertises anti-bot bypass and stealth scraping features, including Cloudflare Turnstile bypass, without any warning about authorization, terms-of-service, privacy, or legal constraints. That materially increases misuse risk by normalizing evasive behavior and enabling users to access sites in ways operators may have explicitly tried to prevent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal