Agent Browser Juan

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate browser automation skill, but it gives agents broad access to authenticated browser sessions and persisted session artifacts without enough safety guidance.

Install only if you trust the upstream agent-browser CLI and intend to give the agent browser-control authority. Before use, set explicit boundaries: require confirmation before logging in, submitting forms, uploading files, changing accounts, using eval/CDP/network interception, or saving/loading session state. Treat saved state files, cookies, storage dumps, screenshots, PDFs, traces, and recordings as sensitive credentials or private data; keep them out of repositories and delete them when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill explicitly documents saving and loading browser session state to a local file without warning that the file may contain cookies, authentication tokens, and other sensitive session artifacts. In an agent context, this can lead to credential reuse, account takeover, or accidental leakage if the state file is stored insecurely, shared, or committed to source control.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill exposes commands to read cookies and localStorage, which commonly contain session identifiers, CSRF tokens, and other sensitive user data, but provides no privacy or authorization warning. In an AI-agent workflow, this materially increases the risk of secret extraction from authenticated browsing sessions and inadvertent disclosure in logs or outputs.

Missing User Warnings

Medium
Confidence: 91%
Finding
The documented screenshot, PDF, video, and trace outputs can capture sensitive on-screen data, authenticated content, personal information, and session context, yet the skill omits any warning about secure handling of these artifacts. Because these files are written to disk and may be shared for debugging, they create a realistic risk of data exposure beyond the original session.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill explicitly documents saving and loading authenticated browser state without warning that these files may contain reusable session cookies or other sensitive authentication artifacts. In an agent context, this can lead to unintended persistence, reuse, or exfiltration of live sessions if the state file is stored insecurely, shared, or used across tasks.

Missing User Warnings

Medium
Confidence: 95%
Finding
The recording feature states that it preserves cookies and storage from the current session, which means recordings may occur in an authenticated context and associated artifacts may expose sensitive account data or actions. Without a warning, users or agents may record demos/debug traces while logged in, unintentionally capturing private information or privileged workflows.

VirusTotal

65/65 vendors flagged this skill as clean.
