全网数据探测虾 (Whole-Web Data Probe Shrimp)

Security checks across malware telemetry and agentic risk

Overview

This is a real website-change monitoring skill, but it needs Review because it also teaches anti-bot evasion, proxy/CAPTCHA handling, and cookie-based scraping beyond its stated public-page scope.

Review carefully before installing. Use it only for sites you are authorized to monitor, avoid proxy rotation, CAPTCHA bypass, and session-cookie scraping, and set explicit limits for frequency, notification destinations, and how long local snapshots in $HOME/.web-monitor are retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 89%
Finding:
The skill instructs use of a shell script (`scripts/web-monitor.sh`) and external command-line tools (`curl`, `jq`, `pup`, `diff`) but does not declare corresponding permissions or execution capabilities. This creates a transparency and control gap: an agent may invoke shell-based network and file operations without clear user/admin approval boundaries, increasing the risk of unintended scraping, persistence, or outbound actions.

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding:
This document goes beyond ordinary website monitoring and provides concrete evasion guidance: rotating User-Agents, mimicking browser headers, rotating proxies, detecting blocks, and suggesting CAPTCHA-solving services. In the context of a web-monitoring/scraping skill, these instructions materially enable bypass of site defenses and access controls, increasing the risk of unauthorized scraping, ToS violations, and evasive collection at scale.

Vague Triggers

Medium
Confidence: 78%
Finding:
The trigger keywords are broad enough to match many ordinary scraping or monitoring requests, which can cause the skill to activate in contexts where users did not clearly consent to web scraping, data collection, or outbound notifications. In this skill, that matters because activation can lead to automated periodic access, archiving of collected content, and alerts to external systems.

Missing User Warnings

Medium
Confidence: 93%
Finding:
The skill describes automated scraping, data archiving, and outbound notifications, but it does not warn users about privacy, legal, operational, or third-party impact. This is risky because users may unknowingly monitor sites at high frequency, store collected content, and transmit change data to external channels, potentially violating expectations, policies, or target-site restrictions.

Missing User Warnings

Medium
Confidence: 95%
Finding:
The CAPTCHA section explicitly recommends OCR, browser automation for slider challenges, and third-party solving services for reCAPTCHA, but does not present strong warnings that these actions may violate site rules or constitute bypass of protective controls. That omission makes the skill more likely to be used for unauthorized access or evasive scraping, especially because CAPTCHA mechanisms are typically intended to distinguish humans from automated abuse.

Missing User Warnings

Medium
Confidence: 89%
Finding:
The template includes an example for authenticated scraping using explicit session cookies and tokens, but it provides no warning that users must only use their own credentials, avoid hardcoding secrets, and protect captured data. In a web-monitoring/scraping skill, this increases the chance that operators copy-paste real session material into scripts, logs, or shared repos, leading to credential leakage or unauthorized access.

VirusTotal

66/66 vendors flagged this skill as clean.
