ClawHub

Actionbook

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent browser-automation helper, but it grants broad control over websites, cookies, scripts, and logged-in sessions without tight user-approval boundaries.

Install only if you trust the separate Actionbook CLI/provider and need broad browser automation. Use dedicated low-privilege browser profiles, avoid sensitive financial or personal accounts, protect profile directories and tokens, review any JavaScript before running it, and require explicit confirmation before submitting forms, sending messages, posting content, booking services, changing settings, or modifying cookies.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

High
Confidence
94% confidence
Finding
The skill description is extremely broad ('interact with any website') and is likely to trigger for a very large fraction of web-related requests, causing over-selection of this skill over more specific or safer alternatives. In an agent system, that increases the chance of unintended browser automation, scraping, form submission, or interaction with sensitive sites without sufficiently scoped guardrails.

Vague Triggers

High
Confidence
97% confidence
Finding
The activation criteria use catch-all language like 'Needs to do anything on a website' and include open-ended examples covering nearly all browser tasks, which makes the skill eligible in ambiguous situations. Given that the skill exposes actionable browser commands and guidance for interacting with external sites, broad activation materially raises the risk of misuse, unintended autonomous actions, and unsafe handling of authenticated or sensitive web sessions.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal