ClawHub

Page Fetch

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent webpage extraction tool with expected network, script, and optional browser behavior, but users should be careful with cookies, private URLs, and explicit save options.

Install only if you want an agent to fetch and extract webpage content. Avoid passing login cookies unless necessary and trusted, do not use it against internal or private network URLs unless that is intentional, and specify an explicit --output path if you enable --save-json.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
return 2

    cmd = [node, "-e", RENDER_SNIPPET, args.url, str(args.wait_ms)]
    run = subprocess.run(cmd, capture_output=True, text=True, env=node_env_with_global_modules())
    if run.returncode != 0:
        payload = {
            "url": args.url,
Confidence
93% confidence
Finding
run = subprocess.run(cmd, capture_output=True, text=True, env=node_env_with_global_modules())

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill instructs the agent to use shell commands, network access, and optional file writes, but it does not declare any permissions or capability boundaries. This can lead to silent over-privilege, where the skill is invoked without transparent authorization for external requests or persistence, increasing the chance of unintended data access or writes.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The description says to use this skill whenever a user asks to open, inspect, summarize, translate, verify, or quote a webpage, which is broad enough to capture many routine requests without clear opt-in boundaries. Over-broad activation increases the likelihood of the agent performing network fetches and shell-backed tooling unexpectedly, especially when the skill has nontrivial capabilities.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The example triggers include common phrases like opening, summarizing, translating, or checking a webpage, which are everyday requests that may cause unintended invocation. In this skill, unintended invocation is more significant because it can initiate external network access and local command execution, even though the purpose of the skill itself is legitimate.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
This runner accepts a raw cookie string and forwards it to downstream fetch scripts, potentially sending session credentials to remote sites and exposing them via process arguments to local users or logs. In a web-fetching skill, credential material is especially sensitive because it may grant access to private content and can be mishandled across fallback paths.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal