Security audit

Scrapling Fetch Pro

Security checks across malware telemetry and agentic risk

Overview

This scraper is not hidden malware, but it openly promotes stealth anti-bot bypass without clear authorization or data-handling boundaries.

Install only if you will use it on sites you own or are authorized to access. Avoid using stealth mode to defeat site protections, respect site terms and applicable law, minimize stored scraped content, and treat fetched pages as untrusted data before passing them to an AI agent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 94%
Finding:
The skill explicitly promotes bypassing anti-bot protections and browser fingerprint spoofing, yet provides no warning about legal, contractual, or compliance implications. In context, this makes the skill more dangerous because its stated purpose includes defeating defensive controls, which can facilitate unauthorized scraping, policy evasion, and misuse against protected sites.

Missing User Warnings

Medium
Confidence: 83%
Finding:
The guide includes a batch scraping example that stores fetched content locally but provides no warning about privacy, copyright, terms-of-service, or safe handling of scraped data. In a scraping-focused skill, this omission can normalize collection and retention of third-party content without user awareness of legal or data-protection risks.

Missing User Warnings

Medium
Confidence: 95%
Finding:
The documentation explicitly recommends a stealth mode to bypass Cloudflare and anti-bot protections, without any warning about authorization or legal boundaries. Because the skill is specifically designed for web scraping, this materially increases misuse risk by instructing users how to evade defensive controls on protected sites.

VirusTotal

65/65 vendors flagged this skill as clean.
