Camoufox Tools

Security checks across malware telemetry and agentic risk

Overview

This browser-scraping skill shows no clear malware, but it openly promotes anti-detection scraping and changes shell startup files persistently.

Install only if you intend to use anti-detection browser automation and are authorized to automate the target sites. Avoid using it in sensitive logged-in sessions, treat fox-eval as arbitrary page JavaScript execution, and review or remove the PATH line from your shell profile if you uninstall it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding:
The skill description advertises scraping and data extraction but does not clearly warn that it connects to remote sites, may transmit browsing metadata, and can collect content from third-party services. Users may invoke it without understanding network, privacy, and compliance implications, especially when targeting real sites like Bilibili.

Missing User Warnings

Severity: High
Confidence: 95%
Finding:
The documentation explicitly promotes anti-detection browser automation to bypass site defenses and risk controls, which can facilitate evasion of anti-bot systems and unauthorized scraping. In this context, the anti-detection framing materially increases abuse potential because it is presented as a feature for accessing protected remote services without any compliance or account-risk warning.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The installer appends an export line directly to the user's shell startup file without prompting, previewing the change, or requiring explicit consent. While this is a common convenience pattern for CLI installers, silently modifying persistent shell configuration can surprise users, break environment setups, or create a precedent for more dangerous persistence behaviors if the install location is later compromised.

VirusTotal

59/59 vendors flagged this skill as clean.
