Clone Anywebsite

Security checks across malware telemetry and agentic risk

Overview

This instruction-only website cloning skill includes useful visual inspection steps, but it also teaches direct copying of site assets, shader code, DOM structure, and canvas animations.

Install only for work on sites and assets you own or have explicit permission to reproduce. Avoid using the shader interception, full outerHTML copying, video extraction, or canvas recording steps on third-party sites, because they can copy protected implementation details or media and may violate copyright, trademarks, or site terms.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The skill’s stated legal framing is undermined by explicit instructions to 'steal the exact asset' and clone third-party implementations from live sites. In context, this is not neutral inspection guidance; it operationalizes unauthorized extraction and reuse of protected assets and implementation details, which can facilitate IP theft and policy evasion.

Context-Inappropriate Capability

High
Confidence: 99%
Finding
Intercepting WebGL shader source from a target site is a reverse-engineering and exfiltration capability that goes well beyond normal visual inspiration or prototyping. It enables copying proprietary rendering logic and hidden implementation details directly from third-party applications, which is especially risky in a skill explicitly oriented around cloning websites.

Context-Inappropriate Capability

High
Confidence: 99%
Finding
The canvas recording workflow captures rendered output from a target site and forces a local download of a reusable video asset. This is a concrete asset exfiltration mechanism, not merely observation, and it facilitates unauthorized copying of proprietary visual media for reuse in a clone.

Intent-Code Divergence

High
Confidence: 97%
Finding
The ethical note claims users should avoid ripping proprietary assets, but the body of the skill gives detailed instructions for extracting videos, shaders, DOM structures, and recorded canvas output from target sites. This contradiction materially increases risk because the disclaimer functions as cover while the operational content teaches misuse.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill instructs the user to create a Blob, generate an object URL, and programmatically click a download link, causing files to be written locally without prominent warning or consent framing. In a skill already centered on copying from third-party sites, silent download behavior increases the risk of unintended local writes and unauthorized asset acquisition.

Missing User Warnings

Low
Confidence: 82%
Finding
The process-kill instruction can terminate local processes and is presented without a safety warning, verification step, or scope limitation. Although low impact compared with the extraction features, it still encourages potentially disruptive local system actions that could affect unrelated work if matched too broadly.

Ssd 4

High
Confidence: 98%
Finding
The narrative explicitly escalates from screenshot-based observation to 'Deep DOM Interrogation' to 'steal the exact asset,' framing unauthorized copying as the preferred path to high-fidelity cloning. This progression normalizes misuse and lowers the barrier to exfiltrating protected materials from third-party websites.

Ssd 2

High
Confidence: 98%
Finding
The skill uses euphemistic phrasing like 'secret sauce,' 'steal the exact asset,' and 'shader stealer' to disguise direct instructions for reverse engineering and copying protected implementation details. This obfuscated wording is dangerous because it presents abusive behavior as ordinary design workflow, making policy-violating use more likely.

VirusTotal

64/64 vendors flagged this skill as clean.
