Browser Automation V2

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises, but its scripts build shell commands from user-supplied URLs, search text, form values, and profile names, creating a real local command-execution risk.

Use this only in a dedicated low-privilege browser profile and only with trusted URLs and form values. Avoid entering passwords, tokens, or sensitive personal data until the scripts replace `exec` shell strings with safe argument passing and redact form values from their logging.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill advertises browser automation capabilities including Google search, multi-page processing, and form filling, but the description does not warn that these actions can submit data to third-party sites, trigger state-changing requests, or create persistent artifacts such as screenshots and PDFs. In an agent setting, this omission increases the chance of unsafe use because operators may assume the skill is read-only when it can perform external actions and leave sensitive data on disk.

Missing User Warnings

Medium
Confidence: 95%
Finding
The script passes a user-controlled URL into shell commands via `child_process.exec`, which invokes a shell and can enable command injection if the URL contains shell metacharacters or quoting tricks. In addition, opening arbitrary URLs in a browser and a fetch tool can trigger unintended outbound requests and access to internal resources, increasing SSRF-like and local side-effect risk in an agent context.

Missing User Warnings

Medium
Confidence: 95%
Finding
The script logs the entire `fields` object to the console before filling the form, which can expose sensitive values such as emails, usernames, passwords, tokens, or personal data in terminal history, CI logs, or shared execution environments. In the context of a form-filling automation skill, this is more dangerous because the inputs are explicitly user-supplied form data and may commonly include secrets or regulated personal information.

VirusTotal

66/66 vendors flagged this skill as clean.
