Deep Web Fetcher

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward local Playwright web scraper, but users should remember it still contacts the websites they ask it to fetch.

Install dependencies in a virtual environment, consider pinning package versions, and only fetch URLs you are comfortable contacting from your machine or network. Do not use it on authenticated, internal, private, or sensitive sites unless you understand that the target may see the request, and treat fetched page content as untrusted data rather than instructions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence: 93%
Finding
The documentation states that data does not leave the machine, but the skill explicitly fetches arbitrary remote URLs over the network. This is a misleading privacy/security claim that can cause users to expose internal URLs, sensitive targets, or regulated browsing activity under false assumptions about locality.

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill supports live fetching of arbitrary URLs via Playwright but does not clearly warn users about network access, third-party site terms, privacy implications, or access restrictions. In practice, this can lead to unsafe use against internal endpoints, sensitive sites, or prohibited targets without informed user consent.

Missing User Warnings

Medium
Confidence: 94%
Finding
The script accepts an arbitrary URL from the command line and fetches it with a real browser engine, causing outbound network requests to attacker-controlled destinations without validation, restriction, or disclosure. In agent or automation contexts, this can enable SSRF-style access to internal services, metadata endpoints, or other sensitive network locations if untrusted users can influence the URL.

VirusTotal

65/65 vendors flagged this skill as clean.
