Security audit

web-scraper

Security checks across malware telemetry and agentic risk

Overview

This scraping skill is coherent, but it gives an agent broad access to a live Chrome session and exported webpage data without strong consent boundaries.

Install only if you trust the DataLens npm package and Chrome extension. Use it on pages you intentionally want scraped, avoid sensitive logged-in accounts unless you understand what page data may be processed, preview small runs first, and review local exports under /tmp/datalens after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium (88% confidence)
Finding
The skill instructs the agent to export scraped data to files under local directories like /tmp/datalens without requiring user confirmation or warning that page-derived data will be written to disk. This can persist sensitive scraped content locally, expand exposure beyond the live session, and surprise users who expected ephemeral handling only.

Missing User Warnings

Medium (84% confidence)
Finding
The skill exposes browser_open_tab, browser_use_tab, and browser_close_tab operations without a clear warning or consent boundary around modifying the user's active browser session. An agent using these commands could disrupt the user's work, switch context, or navigate to unintended pages, which is especially sensitive because the skill operates against a live Chrome session tied to user state and logins.

VirusTotal

66/66 vendors flagged this skill as clean.
