ClawHub

Tor Browser Automation

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Tor-routed browser automation tool, with expected privacy and local-file handling caveats but no artifact-backed malicious behavior.

Install only if you intentionally need Tor-routed browsing or .onion automation. Keep Tor services bound to localhost, avoid exposing ports 9050/9051, use trusted or pinned dependencies where possible, supervise clicks and form fills, and treat screenshots or extracted content as sensitive local files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill clearly performs network-capable actions, including outbound browsing through Tor and access to external and .onion resources, but does not declare corresponding permissions. Missing permission declarations weaken policy enforcement and user awareness, making it easier for the skill to be invoked in contexts where network access was not expected or approved.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The description is broad enough to match generic browsing, scraping, and navigation requests, even though this skill is specifically for Tor-based anonymous access. Overbroad invocation language can cause inappropriate tool selection, routing ordinary browsing tasks through Tor or sending sensitive browsing activity to a high-risk anonymity workflow without clear user intent.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The documentation advertises screenshots and data extraction but does not warn that screenshots create local files and may capture sensitive page contents, credentials, illegal material, or identifying metadata. In a Tor/dark-web context, captured content is especially sensitive, and silent persistence to disk increases exposure if logs, workspaces, or artifacts are later accessed.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal