ClawHub

chrome-bookmark-folder-summarizer

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises: it reads a selected Chrome bookmark folder and summarizes the linked pages, with privacy considerations but no hidden or destructive behavior found.

Install only if you are comfortable letting the agent read bookmark titles and URLs from the selected Chrome folder and visit those URLs for summaries. Prefer exact folder matching, consider non-recursive or pick-first options for tighter scope, and review extracted URLs before summarizing large, work, internal, or private bookmark folders.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill instructs the agent to read a local Chrome bookmarks file and therefore uses local file access capabilities, but it does not declare permissions or clearly surface that access in a permission model. This is dangerous because bookmark files can reveal browsing interests, internal company resources, and sensitive URLs, and undeclared capabilities undermine informed user consent and security review.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill proposes both reading a local Chrome bookmarks file and fetching each bookmarked URL, but it does not explicitly warn the user about local data access or outbound network requests. This is risky because bookmarks may contain sensitive or private links, and automatic fetching can leak user interests or access internal-only URLs to external systems without sufficiently informed consent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal