Selenium Browser

Security checks across malware telemetry and agentic risk

Overview

This skill needs review because it advertises a screenshot-and-finish workflow, but the actual script opens a supplied URL and keeps the browser running without producing the promised screenshot output.

Install only if you intentionally want a live Selenium-controlled browser session. Before use, fix the script or documentation so it either takes a screenshot, returns a real JSON result, and exits with a timeout, or clearly presents itself as an interactive browser launcher with explicit URL confirmation and limits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Medium, 94% confidence
Finding
The documentation says screenshots are saved in /home/main/clawd/diffusion_pdfs/, but the code actually writes to $HOME/screenshot.png or /tmp/screenshot.png. This discrepancy can mislead users and downstream tooling about where sensitive browser output is stored, causing accidental exposure, overwrites, or failure to apply expected access controls.

Intent-Code Divergence

Medium, 95% confidence
Finding
The documentation claims stdout is JSON that OpenClaw parses, but the script prints a Python dict representation, not valid JSON. This can break parser expectations, lead to incorrect automation behavior, and potentially cause error-handling paths to expose raw output or misreport execution status.

Vague Triggers

High, 98% confidence
Finding
The trigger conditions are extremely broad, including common words like 'open' and 'browser', so the skill may activate during ordinary conversation without clear user intent. In this skill's context, accidental activation can cause network navigation to arbitrary URLs and screenshot capture, increasing the chance of unwanted external requests or interaction with internal services.

Missing User Warnings

Medium, 96% confidence
Finding
The skill description does not clearly warn that it will launch a browser and navigate to arbitrary user-supplied URLs over the network. In agent environments, that omission is security-relevant because users and orchestrators may not realize the skill can make outbound requests, reach internal endpoints, or process untrusted web content.

VirusTotal

64/64 vendors flagged this skill as clean.
