tabbit-devtools

Security checks across malware telemetry and agentic risk

Overview

This skill clearly does what it claims: it connects an agent to a user's Tabbit browser by reading Tabbit's local DevTools endpoint and passing it to agent-browser.

Install this only if you are comfortable letting an agent inspect and interact with pages in your active Tabbit browser session. Prefer installing agent-browser yourself instead of relying on the npx fallback, and do not set AGENT_BROWSER_BIN or TABBIT_DEVTOOLS_ACTIVE_PORT_FILE to untrusted commands or paths.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 91%
Finding
The skill directs the agent to read local files under the user's home directory, inspect environment-related connection details, and invoke shell-accessible helper scripts, but it does not declare permissions for those capabilities. That mismatch is dangerous because it can bypass user/admin expectations and make a seemingly low-privilege skill perform local file access and command execution on sensitive workstation state.

Vague Triggers

Medium
Confidence: 91%
Finding
The default prompt activates on broad phrases like 'use my tabbit browser' or 'connect tabbit,' which can match ordinary user requests and silently steer the agent into this skill's workflow. Because the skill then instructs the agent to read a live DevToolsActivePort file and attach to an existing browser session, accidental activation could expose browsing context, authenticated sessions, or local environment details without sufficiently explicit user intent.

VirusTotal

65/65 vendors flagged this skill as clean.
