Back to skill

Security audit

Novel Scraper SPA

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward web novel scraper that fetches a user-provided page and saves extracted text locally.

Install only if you want an agent to fetch web pages you specify and save scraped text files. Use it on public pages you are allowed to access, avoid private or authenticated URLs, and choose book/chapter names or custom output paths carefully because existing files can be overwritten.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill states that scraped content will be written to a workspace directory but does not warn users about file creation, naming, or possible overwrite effects. In a scraping context, automatic file writes can lead to unanticipated persistence of untrusted content, collisions with existing files, or accidental data loss if filenames are derived from user-controlled inputs.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.