Ask an Expert - Playwriter Mode

Security checks across malware telemetry and agentic risk

Overview

This skill is a browser-automation helper for logged-in AI websites, but it is under-scoped and explicitly supports risky uses like bot-detection bypass.

Review carefully before installing. Use only with a dedicated browser profile or low-risk account, verify the Playwriter package and extension, avoid sensitive personal or work data, clean up sessions and screenshots after use, and do not use it to bypass anti-bot controls or automate sites against their rules.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Severity: Medium
Confidence: 94%
Finding:
The skill instructs use of pyautogui to move the mouse and click fixed screen coordinates, which gives the workflow arbitrary desktop UI control beyond the stated purpose of asking an AI question. In the context of a logged-in browser, this can misfire on different screen layouts or be repurposed to click sensitive UI elements, enabling unintended actions in authenticated sessions.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding:
The trigger phrase "问 AI" is so broad that it is likely to activate on ordinary conversation unrelated to this skill's high-risk browser automation behavior. Because the skill can interact with a logged-in browser and external AI sites, accidental invocation increases the chance of unintended data submission or browser control.

Vague Triggers

Severity: Medium
Confidence: 86%
Finding:
The trigger phrase "使用专家模式" is ambiguous and does not clearly signal that the skill will automate a logged-in browser session. This makes accidental activation more likely, which is especially risky given the authenticated-browser and external data-sharing context.

Missing User Warnings

Severity: High
Confidence: 97%
Finding:
The skill is designed to connect to a user's already logged-in Chrome browser and submit content to third-party AI sites, but it does not warn about privacy, account, or session risks. In this context, the omission is dangerous because authenticated browsing state may expose sensitive data, and prompts or retrieved content may be sent to external services without informed consent.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The workflow includes taking and saving screenshots locally without any warning about capture, retention, or sensitivity of the browser contents. Since the browser may be logged in to AI or other services, screenshots can store tokens, personal data, or confidential conversations on disk where they may be reused or exposed later.

VirusTotal

64/64 vendors flagged this skill as clean.