Se Browser Automation

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only browser automation guide; it can help an agent use logged-in websites, but the behavior is disclosed and aligned with its purpose.

Install only if you want the agent to help operate web pages through an OpenClaw-managed browser. Supervise logins, 2FA, purchases, submissions, account changes, and pages containing private information; do not provide credentials for accounts you do not own or administer.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The skill provides operational guidance for entering credentials and handling 2FA codes, but it lacks guardrails about consent, secure secret handling, or restrictions on storing, logging, or reusing sensitive authentication data. In an automation context, this can normalize collection and use of high-sensitivity credentials and one-time codes in ways that could enable account compromise or unauthorized access if invoked in the wrong context.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal