DataCrawl Debug

Security checks across malware telemetry and agentic risk

Overview

This skill mostly supports web-data debugging, but it includes undisclosed contact profiling and advice for bypassing anti-bot limits that users should review before installing.

Install only if you need authorized web-data processing and are willing to review its behavior. Do not use its proxy, CAPTCHA, IP-switching, or human-behavior suggestions to bypass site controls. Be aware it also contains an undisclosed contact scoring/persona inference utility. Static scan was clean and VirusTotal was pending, so the Review verdict is based on artifact content, not malware telemetry.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration

Findings (7)

Context-Inappropriate Capability

Medium

Confidence: 98% confidence
Finding: The rate_limit guidance goes beyond neutral debugging and explicitly recommends anti-bot evasion tactics such as proxy rotation, random User-Agent generation, waiting out CAPTCHA triggers, switching IPs, and simulating human behavior. In a data-crawling/debug skill, this materially increases misuse potential by helping users bypass access controls and site defenses rather than troubleshoot legitimate failures.

Description-Behavior Mismatch

High

Confidence: 95% confidence
Finding: The file implements contact scoring, ranking, and persona inference for trade leads, which is materially different from the manifest's stated purpose of web-data processing, debugging, and cleaning. This capability mismatch is dangerous because it can hide undisclosed profiling or lead-qualification behavior behind a broader data-processing label, reducing user visibility and review scrutiny.

Context-Inappropriate Capability

Medium

Confidence: 92% confidence
Finding: The code performs domain-specific lead qualification and persona inference using hard-coded trade-related signals and keyword-based persona mapping, but that capability is not justified by the declared data-processing/debug role. Hidden profiling logic increases risk of undisclosed targeting, biased classification, or repurposing collected data for sales/intelligence workflows beyond the user's expectation.

Vague Triggers

Medium

Confidence: 80% confidence
Finding: The activation text is very broad and can trigger on generic 'data processing' or 'debug data' requests, increasing the chance the skill is invoked outside its intended, safer context. In a skill that can recommend scraping/debugging workflows and code-generation patterns, over-triggering can steer unrelated user requests into network/file-capable guidance and create compliance or privacy risk.

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The manifest uses very broad activation criteria such as generic 'data processing', 'debug data', and common troubleshooting scenarios, which can cause the skill to trigger for many ordinary requests outside a narrowly defined scope. This increases the risk of unintended routing, exposing users to unnecessary web-data/code-generation behavior and reducing the reliability of safer skill selection.

Natural-Language Policy Violations

Low

Confidence: 78% confidence
Finding: The manifest embeds Chinese trigger phrases without any indication that activation is gated by user locale, language preference, or explicit opt-in. This can cause the skill to activate unexpectedly for multilingual users or mixed-language prompts, expanding the skill's reach beyond intended audiences and compounding the overbroad-triggering problem.

Ssd 4

Medium

Confidence: 97% confidence
Finding: These lines present stepwise, increasingly evasive anti-bot workarounds, including slowing requests with jitter, randomizing identity, rotating proxy IPs, waiting out CAPTCHA blocks, and mimicking human interaction. Such operational guidance can directly facilitate circumvention of site protections and abuse of third-party services, especially given the skill's stated purpose around data extraction/debugging.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal