ClawHub

Jina Reader

Security checks across malware telemetry and agentic risk

Overview

This appears to be a purpose-aligned Jina Reader helper, but users should treat submitted URLs and optional output paths carefully.

Install only if you are comfortable sending requested URLs to Jina's external reader service. Do not use it on private, authenticated, internal, token-bearing, or pre-signed URLs, and be deliberate with any output-file option so it does not overwrite important local files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill advertises and demonstrates network access, shell execution, and file-writing behavior, but does not declare permissions or warn users about those capabilities. This creates a transparency and consent problem: an agent may invoke the skill in contexts where users or policy expect a read-only/documentation-style skill, while it can actually fetch remote content and write outputs locally.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The description does not warn that submitted URLs are sent to the Jina Reader API, which can expose sensitive URLs, query parameters, and the fetched page contents to a third-party service. In research or enterprise workflows, users may unknowingly submit internal links, pre-signed URLs, tokens in query strings, or confidential targets, causing unintended data disclosure outside the local environment.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script forwards any user-supplied URL to the third-party service r.jina.ai, which means sensitive URLs, query parameters, internal hostnames, or access tokens embedded in URLs may be disclosed outside the user's environment. In a research/fetching skill this behavior is expected functionally, but the lack of an explicit privacy warning, allowlist, or validation makes accidental data leakage a real risk rather than a false positive.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script sends user-supplied URLs to the external service r.jina.ai without any disclosure that page contents and target URLs are being forwarded to a third party. In a security context, this can leak sensitive internal URLs, tokens embedded in query strings, or private research targets, especially because the skill is explicitly designed for fetching arbitrary web content.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal