test-auto-study

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed browser automation skill for learning platforms, but it can use logged-in browser sessions, save quiz records/screenshots locally, and submit work when explicitly requested.

Install only if you are comfortable letting an agent drive a logged-in browser profile for study sites, save local screenshots and answer records, and submit quizzes when you explicitly ask. Use a dedicated profile, avoid formal exams or prohibited automation, and periodically delete stored auto-study records if they contain sensitive course, score, or account information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README explicitly shows automatic submission plus persistent storage of screenshots and answer records, but it does not clearly disclose the privacy and data-retention implications of saving educational content, scores, and potentially personally identifying account context to disk. In a browser-automation skill that uses a dedicated persistent profile and handles logged-in study platforms, this omission increases the risk of unintended retention or exposure of sensitive educational data on shared or insecure systems.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly instructs reuse of a persistent Chrome profile and attachment to an existing CDP session, which can expose cookies, saved credentials, browsing history, and authenticated account state across tasks. In a study-automation context, this increases the chance of unintended access to the user's accounts or leakage of sensitive session data without any user-facing notice or consent.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The instruction to build a markdown record before applying answers implies local retention of page-derived content, but the skill does not warn that potentially sensitive educational records, prompts, or account-linked activity may be written to disk. This can create privacy and compliance issues if the workspace is shared, synced, or insufficiently protected.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill specifies on-disk storage of records and screenshots, including full-page and per-question captures, without warning that these files may contain personal data, course content, answers, names, IDs, or other sensitive information. Screenshots are particularly risky because they can capture far more context than necessary and persist outside the browser's normal access controls.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly instructs the agent to capture a full-page screenshot and persist both the screenshot and a markdown record of questions and answers to local storage. On an educational platform, those artifacts can contain personal data, course content, grades, and answer material, creating unnecessary retention of sensitive information without any user notice, consent, minimization, or cleanup guidance.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly instructs the agent to create a task directory, capture screenshots of all questions, and write the extracted questions and options into a markdown file without any requirement for user confirmation, disclosure, or data-minimization. In an exam/homework context, this can persist potentially sensitive course content and student work locally, creating privacy, integrity, and academic-misconduct risks beyond what a user may expect from simple page assistance.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill directs the agent to apply answers and submit the assignment, including handling a second confirmation popup, but provides no mandatory user approval checkpoint before the irreversible submission action. In the context of an exam-answering automation skill, this is especially dangerous because it can finalize academic work, cause unintended submissions, and facilitate cheating or unauthorized actions on the user's behalf.

Ssd 3

Medium
Confidence
88% confidence
Finding
The README explicitly says the skill stores screenshots, extracted questions, answers, and scores into workspace files for later retrieval. On shared machines or loosely permissioned agent workspaces, this creates unnecessary retention of educational session data that may include account-linked activity, copyrighted question banks, or sensitive performance information, increasing exposure if the workspace is accessed by other skills, users, or malware.

VirusTotal

65/65 vendors flagged this skill as clean.
