Trust Assessment
web-scraper received a trust score of 68/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 0 high, 1 medium, and 0 low severity. Key findings include Unpinned dependencies in setup instructions, Potential for arbitrary JavaScript execution via `page.evaluate`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Potential for arbitrary JavaScript execution via `page.evaluate` The `scrapeWithBrowser` function uses `client.page.evaluate()`, which allows executing arbitrary JavaScript code within the context of the target web page. Although the provided snippet shows a hardcoded script, the function signature `scrapeWithBrowser(url, extractScript)` and the comment `// JavaScript実行でデータ抽出` (Execute JavaScript for data extraction) strongly suggest that the skill might allow user-provided JavaScript to be executed. If the `extractScript` parameter (or any other mechanism) is derived from untrusted user input, this constitutes a severe command injection vulnerability, allowing an attacker to execute arbitrary code in the browser context, potentially leading to data exfiltration, session hijacking, or other malicious activities. This also represents excessive permissions granted to user input. 1. **Prevent user-controlled JavaScript**: Ensure that no user input can directly or indirectly influence the code executed by `client.page.evaluate()`. 2. **Strict Sandboxing**: If user-provided scripts are absolutely necessary, execute them in a highly restricted sandbox environment with minimal privileges and strict output filtering. 3. **Alternative Extraction Methods**: Prefer using safer, declarative methods for data extraction (e.g., CSS selectors, XPath) that do not involve executing arbitrary code. 4. **Review `createClient`**: Ensure the `createClient` function and its underlying implementation are secure and do not expose additional attack surfaces. | LLM | SKILL.md:80 | |
| MEDIUM | Unpinned dependencies in setup instructions The skill's setup instructions recommend installing `puppeteer` and `cheerio` without specifying exact versions. This introduces a supply chain risk, as future installations could pull in vulnerable or malicious versions of these packages. While this is a manual setup step for a local version, it impacts the integrity and security of the skill's environment if not properly managed. Pin dependency versions (e.g., `npm install puppeteer@^X.Y.Z cheerio@^A.B.C`) or use a lock file (e.g., `package-lock.json`) to ensure consistent and secure installations. | LLM | SKILL.md:69 |
Scan History
Embed Code
[](https://skillshield.io/report/82b2d741c0ec0a49)
Powered by SkillShield