Back to skill

Security audit

Agent Browser Clawdbot 0

Security checks across malware telemetry and agentic risk

Overview

This is a coherent browser automation skill, but it gives agents access to logged-in browser sessions and cookie/storage controls without enough safety guidance.

Install only if you trust the external agent-browser CLI and need agent-driven website automation. Use separate test accounts or isolated sessions where possible, require explicit approval before purchases, account changes, public posts, or admin actions, and treat saved auth files, cookies, and storage values like passwords.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly recommends saving and loading browser auth state files to skip login flows, but does not warn that these files can contain session cookies, local storage tokens, and other credentials. In an agent context, this increases the risk that sensitive authentication material is persisted insecurely, reused across tasks, or exfiltrated through logs, file sharing, or prompt injection-driven workflows.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill documents commands for reading and modifying cookies and browser storage without any safety guidance, which exposes agents to direct access to session identifiers, CSRF tokens, and other sensitive client-side data. Because this is a browser automation skill intended for AI agents, the absence of guardrails makes misuse or accidental disclosure more likely, especially when agents may inspect, print, or alter sensitive values automatically.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.