Agent Browser Zh

Security checks across malware telemetry and agentic risk

Overview

This is a browser automation helper whose powerful browser, file, recording, and session features are visible and aligned with its purpose.

Install only if you trust the upstream agent-browser package. Avoid saving auth state unless necessary, protect files like auth.json as credentials, keep screenshots/videos/traces out of logs and version control, and confirm any action that uploads files, changes accounts, submits forms, purchases, posts, or deletes data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill explicitly promotes saving and reloading authenticated browser state to a file such as auth.json, but does not warn that this file can contain sensitive cookies, bearer-like session tokens, or other credentials. In an agent setting, this can normalize insecure handling of reusable authentication artifacts and lead to account takeover if the state file is exposed, reused across tasks, or stored in insecure locations.

Missing User Warnings

Medium
Confidence: 88%
Finding
The documented capabilities include uploading local files, saving screenshots/PDFs, recording video, and exporting traces without any warning that these operations may read from or write to the local filesystem and may capture sensitive on-screen data, form contents, tokens, or internal application state. For an AI agent skill, this omission increases the risk of unintended data exfiltration, privacy violations, or overwriting files during automated workflows.

VirusTotal

65/65 vendors flagged this skill as clean.
