Luke Agent Browser Clawdbot

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward browser automation skill, but saved browser sessions and cookie/storage commands should be treated as sensitive account access.

Install only if you trust the external agent-browser package, preferably with a pinned version. Use test or low-privilege accounts where possible, avoid automating purchases/posts/deletions without explicit confirmation, and protect or delete saved auth files because they may grant access to logged-in sessions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill explicitly instructs users to save and load browser auth state files but does not warn that these files can contain reusable session cookies, tokens, and other sensitive browser storage. In an agent context, this increases the chance that credentials are persisted insecurely, shared across tasks, or exfiltrated from disk and then reused for account takeover.

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The skill documents commands to read and modify cookies and localStorage without any privacy, integrity, or scope warnings. In a browser automation skill, these capabilities can expose session identifiers and user data or alter application state in ways that bypass normal UI controls, making misuse by an agent or user more likely.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal