slbrow-skill

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed browser-automation skill, but it should be used carefully because it can read browser history and page content and control tabs through a local SLBrow service.

Install only if you trust the separate SLBrow server and browser extension. Keep the service bound to localhost, run it only when needed, and avoid using it with highly sensitive browser profiles. Confirm explicitly before letting an agent search history, extract page content, read selected text, close tabs, or apply Seelink video AI functions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Description-Behavior Mismatch

Medium (84% confidence)
Finding
The manifest frames the skill as browser automation and content analysis, but the documented toolset also includes AI transformations on Seelink video players, which is a broader and more sensitive capability than described. This scope expansion can mislead users and downstream agents about what actions are possible, increasing the chance of unexpected manipulation of video content.

Description-Behavior Mismatch

Medium (91% confidence)
Finding
The API reference exposes Seelink/VAI player-control capabilities that appear outside the declared browser-automation scope, creating a scope mismatch between what the skill claims and what it can actually do. Undocumented or unexpected control surfaces increase the chance of misuse, weak review, and unsafe invocation of media/AI actions on browser content.

Missing User Warnings

Medium (95% confidence)
Finding
The skill documents browser-history search functionality without any privacy warning, minimization guidance, or consent requirement, even though history can expose sensitive personal, corporate, and authentication-related browsing patterns. In an agent context, this creates a real risk of over-collection or disclosure of private user data.

Missing User Warnings

Medium (93% confidence)
Finding
The skill provides direct browser-control actions such as creating tabs, navigating pages, and closing tabs, but it does not warn about user impact like data loss, workflow interruption, or navigation to untrusted destinations. In an automation setting, these actions can alter user state or destroy unsaved work if invoked carelessly or maliciously.

Missing User Warnings

Medium (94% confidence)
Finding
The skill explicitly instructs the agent to issue a direct HTTP POST request to a local service as a fallback, but provides no requirement for user notice, confirmation, or validation of what data is being sent. Even though the target is localhost, this still triggers an external action to another process and could cause unintended side effects or disclosure if page-derived data is later included in similar requests.

Missing User Warnings

Medium (95% confidence)
Finding
The documented tools can access browser history, selected text, page links, and extracted page content, all of which may contain sensitive personal or enterprise data. Presenting these capabilities without privacy warnings, consent expectations, or minimization guidance makes inadvertent data exposure more likely during normal use.

Missing User Warnings

Medium (90% confidence)
Finding
The `tab_close` action can disrupt a user's active browsing session and potentially cause loss of work if invoked on the wrong tab set. Because the reference lacks any warning or confirmation guidance, an agent could treat it as a routine action despite its destructive effect.

Missing User Warnings

High (96% confidence)
Finding
`get_history` exposes sensitive browser history search capability, including keyword and domain filtering across date ranges, without any indication of user-consent requirements, warning text, or purpose limitation. An agent using this tool could silently profile a user's interests, habits, accounts, medical/financial research, or other private activity, making privacy harm and data misuse likely in the skill's browser-automation context.

VirusTotal

64/64 vendors flagged this skill as clean.
