Huo15 Js Scraper

Security checks across malware telemetry and agentic risk

Overview

This is a mostly coherent web-scraping skill, but it needs review because it encourages anti-bot evasion and stores reusable login cookies in a local file without strong protection.

Install only after reviewing the scraping targets and account risks. Treat ~/.cache/huo15-js-scraper/qichacha_cookies.json as a secret, delete it when finished, avoid using shared machines, and use this only on sites and accounts where automated access is authorized.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 88%
Finding:
The skill exposes network access plus local file read/write behavior but does not declare permissions, which weakens transparency and any policy enforcement built around declared capabilities. In this context the undocumented capabilities include scraping remote sites, persisting cookies, and writing knowledge-base files, so operators may invoke it without realizing it can store authenticated session material or modify local content.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 93%
Finding:
The advertised purpose is a generic JS-rendered page scraper, but the documented behavior goes further into authenticated Qichacha scraping, persistent cookie handling, and bulk downloading/writing of WeCom documentation. That mismatch is dangerous because users or security controls may approve a seemingly simple scraper while actually enabling account-based data extraction and local persistence of sensitive artifacts.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The script persists authenticated Qichacha cookies in a predictable local file under the user's home directory without any protection, permission hardening, encryption, or clear warning that these tokens may grant account access. If another local user, process, malware sample, or backup/sync mechanism reads that file, the session can be reused to impersonate the user and access account-scoped data.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding:
The scraper silently reloads previously saved authentication cookies and uses them to send authenticated requests to qcc.com, but the user is not clearly informed at execution time that their logged-in session will be reused for remote access. This can cause unintended account actions or data access under the user's identity, especially in an agent-skill context where tools may be invoked indirectly or by higher-level automation.

Ssd 2

Severity: Medium
Confidence: 95%
Finding:
The description explicitly promotes bypassing anti-bot protections and using alternate engines when ordinary fetching fails. In a scraping skill, that context makes the behavior more dangerous because it encourages evasion of site defenses, potentially violating access controls, terms of service, or triggering abusive collection against protected targets.

Ssd 2

Severity: Medium
Confidence: 96%
Finding:
Recommending a stealth configuration for Cloudflare-protected sites is a direct signal of anti-abuse evasion rather than normal rendering support. This increases risk because the skill is not merely loading dynamic pages; it is guiding users toward defeating protective controls on sites that intentionally restrict automated access.

VirusTotal

66/66 vendors flagged this skill as clean.