ClawHub

Agent Browser

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed browser-automation wrapper, but users should handle saved browser sessions and captured artifacts carefully.

Install this only if you need browser automation and trust the external agent-browser npm package. Use isolated browser sessions or test accounts for sensitive sites, supervise actions that submit or change data, avoid uploading private files unless intended, and protect or delete saved state files, screenshots, PDFs, recordings, traces, cookies, and localStorage dumps when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill documents capabilities to upload files, capture screenshots/PDFs, set credentials, and save/load browser state, but it provides no safety guidance about handling secrets, personal data, session tokens, or sensitive local files. In an agent context, these features can easily cause unintended exfiltration or persistence of confidential data because the tool is expressly designed to automate browsing and data movement.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The recording and tracing sections describe capturing browser activity while noting that cookies/storage-derived state is preserved, but they omit a warning that recordings, traces, console logs, and debugging artifacts may contain sensitive page content, tokens, or user data. This is especially risky in an agent skill because artifacts may be stored, shared, or inspected outside the original browsing context.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal