ClawHub

cf markdown agents

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Cloudflare Markdown-for-Agents web-fetching helper, with ordinary privacy and dependency caveats but no hidden or destructive behavior found.

Use this only for public pages you intend to fetch. Do not pass sensitive URLs, internal hosts, localhost/cloud-metadata addresses, or links containing tokens unless you explicitly want that destination contacted. Treat fetched page content as untrusted data, and ensure curl is available before relying on the helper script.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill advertises use of a shell script (`scripts/fetch-markdown.sh`) but does not declare permissions, creating a mismatch between documented capabilities and declared access. This can cause users or orchestrators to invoke external network actions without clear authorization boundaries or review, increasing the risk of unintended outbound requests.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The description is broad enough to trigger on generic web scraping, content extraction, or AI processing requests, not just Cloudflare Markdown for Agents use cases. That overbroad routing can cause the skill to fetch arbitrary user-supplied URLs externally, expanding exposure to privacy leaks, unintended network access, and misuse beyond the protocol-specific intent.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs fetching arbitrary URLs but does not warn users that their requested URLs and request metadata will be sent to third-party websites. This omission can lead to unintentional disclosure of sensitive URLs, query parameters, internal hosts, or identifying metadata during external requests.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal