ClawHub

Enable Chrome Gemini

Security checks across malware telemetry and agentic risk

Overview

This skill openly edits Chrome’s Local State to enable or repair Gemini, with no evidence of hidden network activity, credential access, or destructive behavior.

Install only if you are comfortable with a local script changing Chrome’s Gemini eligibility, region, experiment flags, and language settings. Run --dry-run first, confirm the Chrome profile path, close Chrome before applying changes, avoid --force unless necessary, and keep the generated backup so you can restore the prior Local State if needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill instructs users to run a local Python script that reads and writes Chrome profile data and may invoke shell execution, yet it declares no permissions. That mismatch weakens review and user consent because a caller may not realize the skill can modify browser state, which is especially sensitive given it edits the Chrome Local State file and can be forced while Chrome is open.

Natural-Language Policy Violations

Medium
Confidence
93% confidence
Finding
The skill changes Chrome UI and accept-language settings to English values as part of the repair flow, which alters user preferences and can affect browsing behavior, localization, and content negotiation without clear opt-in. In context, this is more concerning because the skill also changes eligibility and region fields to bypass normal availability checks, so the language change is not strictly necessary for many users and broadens the scope of modification to personal browser settings.

Natural-Language Policy Violations

Medium
Confidence
90% confidence
Finding
The default prompt instructs the agent to perform "language normalization" automatically, which can cause configuration changes without explicit user consent or context-specific validation. Modifying language or regional settings is security-relevant because it can alter application behavior, eligibility gates, and user experience in ways the user may not expect, especially when combined with repair/setup actions on local browser state.

Natural-Language Policy Violations

Medium
Confidence
91% confidence
Finding
The script intentionally rewrites Chrome's eligibility and locale-related Local State fields to US/English defaults, which can bypass regional rollout and alter user configuration without meaningful validation or informed consent. In the skill context, this is more concerning because the stated purpose is to enable Gemini outside the US, so the behavior is explicitly designed to circumvent product gating rather than merely repair corruption.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal