ClawHub
Back to skill

Security audit

adspower-browser

Security checks across malware telemetry and agentic risk

Overview

This skill fits its AdsPower management purpose, but it gives an agent sensitive and destructive browser-profile authority without enough confirmation or secret-handling guidance.

Install only if you trust the external adspower-browser npm package and want an agent to manage AdsPower profiles. Require explicit confirmation before delete, cache wipe, close-all, profile sharing, proxy changes, cookie export, or fingerprint changes, and avoid pasting API keys, passwords, cookies, 2FA keys, or proxy credentials into shared logs or transcripts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The skill advertises broad trigger phrases such as opening environments/profiles and maps them directly to operational commands. In an agent setting, overly generic activation language can cause accidental invocation on ordinary user speech, leading to unintended profile launches or state-changing actions without sufficiently explicit confirmation.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill documents destructive operations such as delete-browser, delete-cache-v2, delete-tag, delete-proxy, close-all-profiles, and update actions without an explicit warning that these actions can remove data, disrupt sessions, or alter environments irreversibly. In an autonomous or semi-autonomous agent workflow, this increases the risk of accidental destructive execution from ambiguous or underspecified user requests.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The documentation instructs users to pass API keys on the command line and via environment variables, but does not clearly warn that these credentials are sensitive and may be exposed through shell history, process listings, logs, or transcripts. While this is common operational guidance, omitting credential-handling precautions creates avoidable secret leakage risk.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The documented actions are operationally powerful but described with minimal behavioral constraints, which can cause an agent to invoke proxy-management commands from vague user language without adequate confirmation or validation. In this skill context, proxy creation and modification can alter network routing and account behavior, so underspecified command boundaries increase the chance of unsafe or unintended changes.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill exposes bulk deletion of proxies without documenting any warning, confirmation, or safeguard around destructive impact. In an agent setting, this raises the risk that ambiguous instructions or prompt injection could trigger irreversible removal of proxy configurations, disrupting browser profiles and automation workflows.

Vague Triggers

Medium
Confidence
84% confidence
Finding
Many trigger phrases are generic everyday language such as 'list', 'categories', 'new tab', 'screenshot', 'open browser', and similar bilingual variants. In an agent-routing context, broad triggers can cause accidental invocation of powerful tools, including profile deletion, sharing, proxy management, and browser automation, especially when user intent is ambiguous or conversational.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The mapping exposes destructive capabilities such as permanent deletion of browser profiles, deletion of proxies/tags, closing all profiles, cache wiping, and profile sharing, but the documented intents/triggers do not signal irreversible effects or require explicit user acknowledgment. This increases the chance that an agent invokes a destructive command based on a casual request, resulting in data loss or operational disruption.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.