Web Scraper Seller

Security checks across malware telemetry and agentic risk

Overview

This is a text-only advertisement for web-scraping services; it is broad and needs careful legal scoping, but it does not install code or request access.

Before using or hiring this service, define authorized target sites, allowed fields, rate limits, retention rules, and opt-out/stop controls. Avoid scraping personal, sensitive, authenticated, or access-controlled data unless you have clear authorization and a valid legal basis.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The skill claims it can build custom web scrapers for any website, which is an overly broad capability statement with no scope limits, target restrictions, or policy safeguards. In an agent setting, this can enable misuse for scraping restricted, sensitive, or policy-prohibited sources because the trigger boundary is undefined.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill advertises full website scraping, lead generation, competitor tracking, and real-time monitoring without any legal, privacy, or site-policy warnings. That combination materially increases the risk of collecting personal data, violating website terms, or enabling mass surveillance and bulk harvesting at scale.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal