ClawHub

Phoenix Scraper

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed multi-provider web scraper, but users should avoid sending sensitive URLs through its external scraping providers.

Install only if you are comfortable with target URLs and request metadata being sent to Brave Search, Bright Data, and possibly X API endpoints. Do not use it for internal, authenticated, private, or token-bearing URLs unless you have explicit approval, and monitor Bright Data costs for premium domains.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill documents use of environment variables and outbound network access to external providers, but the metadata does not declare corresponding permissions. This creates a transparency and governance gap: users or orchestrators may invoke a capability-rich scraper without clear visibility into secret access and third-party transmission behavior.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The description is broad enough to match many generic scraping or web-access tasks, increasing the chance the skill is selected for requests beyond the user's intent or beyond acceptable policy boundaries. Because this skill can escalate from ordinary fetching to proxy-based unlocking and headless browser automation, overbroad routing materially increases the risk of unintended data collection and policy bypass attempts.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly routes URLs and requests through third-party services such as Brave Search and Bright Data, and may use authenticated tokens for X API access, but it does not clearly warn about privacy, confidentiality, or data-sharing consequences. In practice, requested URLs, query terms, headers, and possibly sensitive targets could be disclosed to external vendors, which is especially risky for internal URLs, user-specific resources, or compliance-bound workflows.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The scraper sends user-supplied URLs to third-party services (Brave and Bright Data) without any explicit consent gate, warning, or restriction in the callable API. This can disclose sensitive internal URLs, tokens embedded in query strings, or private target metadata to external vendors, which is especially risky in an agent skill that may be invoked on arbitrary user or system-provided targets.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal