ClawHub

Felo Web Extract

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it extracts user-provided webpage URLs through Felo's external API, with the main caution that URLs and options are sent to Felo.

Install only if you are comfortable using a Felo API key and sending target URLs plus extraction options to Felo's service. Avoid private, authenticated, signed, localhost, intranet, cloud-metadata, or otherwise sensitive URLs unless you intentionally want Felo to process them, and keep FELO_API_BASE at the trusted default unless you know why you are changing it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README encourages sending arbitrary URLs and extracted webpage content to the external Felo Web Extract API, but it does not warn that requested URLs, fetched page data, and possibly sensitive internal resources may be transmitted to a third party. In an agent context, this increases the risk of privacy leakage and SSRF-like misuse if users provide internal, authenticated, or otherwise sensitive URLs.

Vague Triggers

Low
Confidence
81% confidence
Finding
The trigger keywords are broad enough that an agent may invoke this skill for generic requests to fetch or summarize webpage content without clear scope limits or safety exclusions. In combination with a tool that transmits content to an external API, over-broad activation can cause unintended data disclosure or use on sensitive URLs.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill routes user-supplied URLs and related request metadata to the external Felo Web Extract API, but the description does not warn users that their data leaves the local agent boundary. This creates a transparency and privacy-consent issue, especially if users provide sensitive or internal URLs assuming extraction happens locally.

External Transmission

Medium
Category
Data Exfiltration
Content
node felo-web-extract/scripts/run_web_extract.mjs --url "https://example.com" --target-selector "#content" --format text
```

### Option B: Call API with curl

```bash
curl -X POST "https://openapi.felo.ai/v2/web/extract" \
Confidence
93% confidence
Finding
curl ```bash curl -X POST "https://openapi.felo.ai/v2/web/extract" \ -H "Authorization: Bearer $FELO_API_KEY" \ -H "Content-Type: application/json" \ -d

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal