ClawHub

Sf Scraper

Security checks across malware telemetry and agentic risk

Overview

This skill is an openly described SuccessFactors scraper, but it gives an agent broad access to sensitive HR profile areas without enough scoping or privacy guardrails.

Install only if you are authorized to let an agent view SuccessFactors HR data. Use it with a least-privilege account or session, specify exact fields before running it, and avoid compensation, personal contact, documents, performance, goals, and leave information unless separately approved by your organization.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill explicitly enumerates and encourages extraction of broad HR profile categories, including highly sensitive fields such as date of birth, compensation, personal contact details, home address, marital status, and employment status. This materially exceeds a narrow employee lookup function and creates a real risk of over-collection and disclosure of confidential personnel data from an authenticated HR session.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The skill instructs navigation into unrelated tabs such as Documents, Performance History, Goal Plan, and Time Off, which are outside a basic employee-details lookup and commonly contain especially sensitive HR, performance, or leave information. This expands the accessible data surface well beyond the manifest purpose and enables intrusive collection from a privileged, logged-in browser session.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The trigger phrase "look up employee" is generic and can match ordinary requests outside SuccessFactors, increasing the chance the skill activates in contexts the user did not intend. In combination with browser automation against a live authenticated HR session, ambiguous triggering raises the risk of unnecessary access to employee data and inadvertent privacy violations.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill directs scraping and returning employee profile data from a live HR system without any explicit privacy notice, sensitivity warning, or minimization guidance presented to the user. Because the workflow operates inside a logged-in SuccessFactors session and can access sensitive personnel information, the absence of user-facing warnings and consent/scoping checks makes accidental over-disclosure significantly more likely.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal