通用网页抓取工具

Security checks across malware telemetry and agentic risk

Overview

This appears to be a purpose-aligned content-scraping/export skill, but users should only run it on sources they are authorized to monitor and handle exported data carefully.

Before installing, confirm you are allowed to collect from the configured sources, avoid private or sensitive data, keep exported reports in a controlled location, and review any scheduled automation so it only runs when and where you expect.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill encourages automatic scraping and export of collected content without any warning about privacy obligations, robots/site terms, sensitive data collection, or downstream handling of exported data. In practice, this can lead users or agents to collect personal, proprietary, or restricted information and store or redistribute it unsafely.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal