web-replication

Security checks across malware telemetry and agentic risk

Overview

This skill appears to map and reproduce public website designs, with disclosed crawling and asset capture, but it should only be used on sites the user owns or has permission to copy.

Install only if you intend to analyze or recreate websites you own, control, or have permission to copy. Do not provide credentials, do not crawl private/account/checkout/admin areas, and verify robots.txt, rate limits, licensing, and asset reuse rights before running broad capture workflows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium | Confidence: 94%

Finding:
The workflow’s recursive exploration and example sitemap explicitly include login and registration pages, which creates ambiguity around whether the agent should interact with authentication-related surfaces despite the stated restriction against non-public or behind-login content. Even if only public login forms are visited, this broadens the scraping scope into sensitive areas and increases the risk of collecting auth-related UI states, identifiers, or user-entered data if later steps are misapplied.

Context-Inappropriate Capability

Medium | Confidence: 91%

Finding:
The skill instructs the agent to download site assets and extract SVG source code, which goes beyond simple visual observation and materially facilitates cloning of copyrighted frontend components. In the context of a replication skill, this makes direct reproduction easier and increases legal and misuse risk, especially when combined with recursive capture of the site’s structure and interactions.

Intent-Code Divergence

Low | Confidence: 84%

Finding:
The skill says to respect robots.txt and rate limits, but the operational procedure does not actually check robots directives or impose crawl controls before performing exhaustive recursive exploration. That mismatch can cause the agent to over-crawl targets in ways the documentation claims to avoid, increasing the chance of policy violations and unwanted load on third-party sites.

VirusTotal

63/63 vendors flagged this skill as clean.