skills/0xmassi/webclaw-skill/webclaw/Gen Agent Trust Hub

webclaw

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the webclaw-mcp server using npx create-webclaw, which retrieves and executes code from the npm registry.
  • [DATA_EXFILTRATION]: Certain functionalities, such as the research tool or scraping bot-protected pages with a WEBCLAW_API_KEY, involve sending URL data and page content to the webclaw.io hosted engine for processing.
  • [PROMPT_INJECTION]: As a tool designed to fetch and clean web content for LLMs, it inherently processes untrusted data which could contain malicious instructions (Indirect Prompt Injection).
      * Ingestion points: The url parameter is used across multiple tools including scrape, crawl, and extract (SKILL.md).
      * Boundary markers: The skill provides an llm format designed to be optimized for models, though explicit instruction-isolation markers are not described.
      * Capability inventory: The MCP server executes network requests and data processing; no direct shell execution or file-write capabilities are described in the instruction set.
      * Sanitization: The skill normalizes content through an extraction pipeline that turns any URL into clean Markdown, text, or JSON.
Audit Metadata
Risk Level: SAFE
Analyzed: Jul 2, 2026, 03:34 PM