Jina Web Fetcher - 网页抓取

Security checks across malware telemetry and agentic risk

Overview

This is a simple web-fetch helper that sends requested URLs to Jina AI, so it has privacy cautions but no hidden install, persistence, credentials, or destructive behavior.

Install only if you are comfortable sending target URLs, query strings, search terms, and fetched page content to Jina AI. Do not use it with localhost, private intranet hosts, cloud metadata endpoints, authenticated pages, or links containing secrets or tokens.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill instructs users to send arbitrary URLs and Google search queries through the external Jina AI proxy service without warning that those URLs and query terms are disclosed to a third party. This can expose sensitive targets, internal URLs, search intent, or proprietary research terms, and the broad 'support arbitrary URL' context makes the omission more dangerous because users may reasonably paste confidential destinations.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal