Defuddle

Security checks across malware telemetry and agentic risk

Overview

This skill extracts webpage content and includes clearly documented optional scripts that can send the extracted text to WeChat or Telegram.

Installers should understand that extraction commands print content locally, while the optional send scripts transmit extracted page text to WeChat or Telegram. Only use those scripts with pages and destinations you trust, avoid sensitive or internal URLs, verify the npm defuddle package source, and inspect or replace the hardcoded WeChat helper path before running it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The skill is presented as a webpage content extraction tool, but it also documents scripts that send extracted content to WeChat and Telegram. This expands the skill from local processing into external data transmission, which can lead to unintended data exfiltration if users process sensitive pages without realizing the output is being forwarded to third-party messaging platforms.

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The script descriptions broaden the advertised capability from parsing webpages into delivering extracted content to external messaging services. Even if this is intended functionality, documenting outbound delivery without prominent warnings or guardrails increases the risk of users sending copyrighted, private, or internal content to third-party endpoints.

Missing User Warnings

Medium
Confidence: 96%
Finding
The documentation describes sending extracted webpage content to WeChat and Telegram but does not warn about privacy, confidentiality, or data-handling implications. In context, the skill processes arbitrary webpages, so users may extract internal, authenticated, or otherwise sensitive content and then exfiltrate it to external messaging providers without adequate notice.

Missing User Warnings

Medium
Confidence: 90%
Finding
The script fetches content from a user-supplied URL and immediately forwards the extracted text to WeChat, causing network transmission of potentially sensitive data without any explicit warning, confirmation, or validation. This can lead to unintentional disclosure if the URL contains private, authenticated, or internal content, especially since the destination is an external messaging client.

Missing User Warnings

Medium
Confidence: 92%
Finding
The script fetches content from an arbitrary URL and immediately forwards the extracted text to a Telegram chat, creating a data exfiltration path without any consent prompt, visibility warning, or content review step. In an agent-skill context, this is more dangerous because users may invoke it on internal, authenticated, or sensitive URLs and unknowingly transmit retrieved data to an external messaging service.

VirusTotal

60/60 vendors flagged this skill as clean.
