scrapling-mcp
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected in the skill files. Analysis confirmed that all external references point to official documentation or well-known repositories.
- [INDIRECT_PROMPT_INJECTION]: The skill inherently processes untrusted data from the web through its scraping tools, creating a surface for indirect prompt injection. This is an expected risk for a scraping utility.
- Ingestion points: Web content fetched via MCP tools (
fetch_page,fetch_dynamic,fetch_stealthy) and helper scripts (scripts/scrapling_scrape.py,scripts/scrapling_smoke_test.py). - Boundary markers: No explicit markers are defined in the scripts to delimit untrusted data from instructions.
- Capability inventory: The skill facilitates network operations via fetchers and file writing via spider results (
to_jsonl). - Sanitization: The provided scripts perform extraction but rely on the agent or user for final data validation.
- [EXTERNAL_DOWNLOADS]: The documentation provides standard instructions for installing the
scraplingpackage and its dependencies from official registries like PyPI.
Audit Metadata