sf-scrapper

Security checks across malware telemetry and agentic risk

Overview

This skill is openly intended for scraping employee records from a logged-in SuccessFactors session, but it needs review because it can expose sensitive HR data too broadly.

Install only if users are authorized to retrieve employee records through their SuccessFactors session. Keep Browser Relay limited to the intended SuccessFactors tab, avoid broad or batch lookups unless approved, and return only the fields needed for a legitimate business purpose.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
93% confidence
Finding
The trigger language is broad enough to auto-activate on ordinary employee lookup requests, which increases the chance the agent performs browser scraping of HR data without an explicit, informed user intent to access sensitive SuccessFactors information. In this context, the skill operates against a live authenticated session and targets employee profile data, so ambiguous triggering materially raises the risk of unnecessary exposure of personal and employment information.

Missing User Warnings

High
96% confidence
Finding
The skill explicitly instructs scraping employee details such as name, email, department, manager, location, and phone from a logged-in HR session, but it does not require a user warning, consent check, authorization validation, or data-minimization step. Because SuccessFactors contains sensitive personnel data and the browser session is already authenticated, this can lead to overcollection or disclosure of personal data to users who may not be appropriately authorized for each lookup.

VirusTotal

63/63 vendors flagged this skill as clean.
