Smart Web Fetch Safe

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed web-page fetching helper with optional third-party cleanup and no evidence of hidden persistence, credential theft, destructive behavior, or deception.

Use the default local mode for private, internal, tokenized, or sensitive URLs. Only use --remote, or DEFAULT_MODE=remote, for pages you are comfortable sending through Jina AI, and consider setting ALLOWED_DOMAINS to restrict what sites the skill may fetch.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence: 91%
Finding
The module advertises a privacy-first, local-first design, but remote mode can disclose the target URL to a third-party service and then silently fetch the same URL directly on fallback. This mismatch is security-relevant because users may make trust decisions based on the privacy claim and unknowingly expose sensitive URLs or internal resources through multiple network paths.

Missing User Warnings

Medium
Confidence: 96%
Finding
In remote mode, the code sends the user-supplied URL to https://r.jina.ai, which leaks the full destination to a third party without an inline warning or confirmation at the point of use. If the URL contains sensitive hosts, query parameters, internal endpoints, or access tokens, this can cause unintended disclosure and may also let a third party probe resources on the user's behalf.

VirusTotal

64/64 vendors flagged this skill as clean.
