webclaw
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the `webclaw-mcp` server using `npx create-webclaw`, which retrieves and executes code from the npm registry.
- [DATA_EXFILTRATION]: Certain functionalities, such as the `research` tool or scraping bot-protected pages with a `WEBCLAW_API_KEY`, involve sending URL data and page content to the `webclaw.io` hosted engine for processing.
- [PROMPT_INJECTION]: As a tool designed to fetch and clean web content for LLMs, it inherently processes untrusted data which could contain malicious instructions (Indirect Prompt Injection).
  * Ingestion points: The `url` parameter is used across multiple tools including `scrape`, `crawl`, and `extract` (SKILL.md).
  * Boundary markers: The skill provides an `llm` format designed to be optimized for models, though explicit instruction-isolation markers are not described.
  * Capability inventory: The MCP server executes network requests and data processing; no direct shell execution or file-write capabilities are described in the instruction set.
  * Sanitization: The skill normalizes content through an extraction pipeline that turns any URL into clean Markdown, text, or JSON.
Audit Metadata