ClawHub

Persistent Browser Scraper

Security checks across malware telemetry and agentic risk

Overview

This skill is openly for logged-in browser scraping, but it reuses a persistent authenticated browser profile with broad automatic triggers and limited user-control guidance.

Install only if you intentionally want an agent to use a logged-in browser profile for scraping. Use a dedicated low-privilege browser profile, confirm each authenticated site before use, avoid private messages/settings/billing pages, and do not use a profile you are actively browsing with elsewhere.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger conditions are broad enough to auto-invoke the skill for generic requests like "搜索外网" or whenever certain sites are mentioned, which can cause the agent to open a persistent logged-in browser context without explicit user confirmation. In this skill, that is more dangerous than usual because the browser profile contains authenticated sessions for multiple external services, so unintended invocation can expose private account-scoped data or perform stateful browsing the user did not clearly authorize.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill description states that it uses Playwright persistent context with a specific profile but does not warn that this reads and writes a long-lived logged-in browser profile. That omission is security-significant because users may not realize the skill can access cookies, session state, and account-specific content across YouTube, GitHub, HuggingFace, Reddit, Kaggle, and X/Twitter.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal