Web Researcher Mini

Security checks across malware telemetry and agentic risk

Overview

This is a coherent web research skill, but it uses external scraping and AI services, so users should avoid sending sensitive URLs, documents, or API keys carelessly.

Install only if you are comfortable using Firecrawl and the configured AI providers for the content you submit. Use scoped API keys, avoid secrets or internal/private URLs unless approved, confirm crawl limits before broad jobs, and review any .gitignore or shell-profile changes before accepting them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Description-Behavior Mismatch

Medium (90% confidence)
Finding
The README advertises AI summarization and report-generation behavior beyond the described Firecrawl scraping/search scope, which can mislead users about what the skill does and what data may be processed. Scope mismatches are dangerous because they weaken user consent and reviewability, especially when extracted web content may be sent to additional models or external services for summarization.

Missing User Warnings

Medium (84% confidence)
Finding
The README highlights support for dynamic JS-rendered pages via Playwright but omits any warning that browser automation may interact with complex or sensitive sites and trigger additional network activity, authentication context use, or unintended page actions. While this is primarily a transparency and safety issue rather than an exploit primitive, lack of disclosure increases the chance of unsafe use.

Missing User Warnings

Low (84% confidence)
Finding
The README highlights support for dynamic JS-rendered pages via Playwright but omits any warning that browser automation may interact with complex or sensitive sites and trigger additional network activity, authentication context use, or unintended page actions. While this is primarily a transparency and safety issue rather than an exploit primitive, lack of disclosure increases the chance of unsafe use.

Missing User Warnings

Low (94% confidence)
Finding
The skill explicitly instructs the agent to create a `.firecrawl/` directory, write outputs to local files, and modify `.gitignore`, but it does not warn about workspace mutation, overwriting existing files, or obtaining user consent before changing repository state. In an agent context, silent file writes and source-control-related changes can unintentionally alter a user's project, hide artifacts from version control, or clobber existing data.

Missing User Warnings

Medium (97% confidence)
Finding
The skill encourages search, scrape, crawl, and map operations against an external Firecrawl service but never discloses that user queries, target URLs, and potentially retrieved content are transmitted to a third party. In a security-sensitive or proprietary environment, this omission can lead to unintentional disclosure of confidential research topics, internal URLs, or sensitive web content.

Missing User Warnings

Medium (92% confidence)
Finding
The skill instructs users to send arbitrary URLs, search queries, and scraped page content to Firecrawl, a third-party external service, but provides no warning that browsing targets and retrieved data leave the local environment. This can lead to accidental disclosure of sensitive internal URLs, private documentation, query intent, or regulated data, especially because the skill encourages broad scraping, crawling, and search workflows as routine operations.

Missing User Warnings

Medium (95% confidence)
Finding
The instructions tell users to paste an API key directly into a shell command and to persist it in shell startup files, but do not warn that secrets entered on the command line may be exposed through shell history, process listings, logs, or screen capture. In an agent context, this is more dangerous because an automated assistant may echo, store, or mishandle the credential, increasing the chance of accidental secret disclosure.

Missing User Warnings

Medium (95% confidence)
Finding
The skill explicitly supports summarizing URLs, local files, PDFs, images, audio, and YouTube content using external model providers and optional fallback services, but it does not warn users that submitted content may be transmitted off-host. This creates a real data exposure risk because users may provide sensitive local documents or private URLs without understanding that their contents could be sent to third-party APIs such as OpenAI, Anthropic, Google, Firecrawl, or Apify.

VirusTotal

65/65 vendors flagged this skill as clean.