ClawHub

Agent-Browser-Bridge-AI

Security checks across malware telemetry and agentic risk

Overview

This skill openly provides stealth browser automation for scraping, lead generation, and bypassing site defenses, so it should be reviewed carefully before use.

Install only if you have explicit authorization for the sites and accounts you will automate. Avoid using it for unsolicited lead harvesting, protected-site scraping, bypassing access controls, or automation that violates site terms. If used, keep raw MCP disabled unless necessary, restrict targets to approved domains, avoid authenticated personal accounts unless intended, and monitor the local bridge process.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly supports bulk email and phone extraction, lead-generation scraping, and CSV export without any privacy, consent, or lawful-use guardrails. In an agent context, this materially lowers the barrier to harvesting personal contact data at scale and enables downstream spam, profiling, or unauthorized data collection.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The documented anti-detection features are designed to disguise automation, spoof browser fingerprints, and automatically defeat consent/interstitial flows, all without any compliance or integrity warning. In practice this helps agents bypass bot defenses and interact with sites under false pretenses, increasing the likelihood of unauthorized access, policy evasion, and abusive scraping.

Ssd 2

High
Confidence
99% confidence
Finding
The skill is explicitly framed around anti-detection browser control, stealth anti-fingerprinting, and avoiding looking like a bot. That framing indicates the primary purpose is evasion of platform defenses rather than ordinary automation, which makes the skill substantially more dangerous in agentic use because it can be directed toward protected-site scraping and access under concealment.

Ssd 4

High
Confidence
95% confidence
Finding
The use cases normalize bypassing WAFs, collecting data from protected sites, and gathering training data without getting blocked, which operationalizes the stealth features toward abusive collection workflows. This context makes the overall package more dangerous because it provides both the means and the intended misuse scenarios for evading defenses at scale.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal