Crawl Pro

Security checks across malware telemetry and agentic risk

Overview

This skill is a scraping guide that openly teaches high-scale, stealthy collection without clear permission, privacy, or rate-limit guardrails.

Install only if you intentionally need authorized scraping. Before use, confirm permission for the target site and data, set conservative rate limits, avoid collecting personal or sensitive information without a lawful basis, and do not use stealth, proxy rotation, or anti-bot bypass unless you are explicitly allowed to do so. Use an isolated Python environment and pin or verify the Scrapling dependency before installing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 95%
Finding
The trigger phrases are very broad and map to common scraping-related words like '抓取' and '采集中', which can cause the skill to activate in ordinary conversations that merely discuss crawling. In this skill, accidental activation is more concerning because the content includes anti-bot evasion, proxy rotation, and scalable crawling guidance, so an unintended invocation could steer users toward higher-risk scraping behavior without explicit consent.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill promotes production scraping, anti-bot bypass, Cloudflare evasion, proxy rotation, and concurrent crawling, but provides no warnings about legality, terms-of-service restrictions, privacy obligations, or operational impact on target systems. In context, this omission materially increases risk because users are encouraged to perform evasive, scalable collection that can facilitate unauthorized data harvesting or abusive traffic patterns.

VirusTotal

VirusTotal findings are pending for this skill version.
