Chen Agent Browser

Security checks across malware telemetry and agentic risk

Overview

This is a coherent browser automation skill, but it gives an agent broad website-control powers and can handle or persist sensitive session data without enough guardrails.

Install only if you trust the external `agent-browser` tool and are comfortable giving the agent broad control over browser sessions. Use isolated browser profiles or test accounts, avoid production/admin sessions unless necessary, protect saved state files like credentials, and require explicit confirmation before uploads, purchases, form submissions, credential use, cookie/storage changes, or network request mocking.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
The skill description presents the tool as browser automation but does not clearly disclose that it can execute arbitrary JavaScript in the page context via `agent-browser eval`. That omission matters because page-context script execution can bypass safer structured interactions, access sensitive DOM data, and perform high-impact actions on authenticated pages.

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding
The manifest description omits that the tool can intercept, block, and mock network traffic. Those capabilities materially expand the trust boundary because they enable request tampering, response forgery, and manipulation of application behavior beyond normal browser automation.

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding
The manifest understates the browser's ability to extract and persist cookies, local storage, and session state. These are security-sensitive capabilities because they enable collection, reuse, and transfer of authenticated state, increasing the risk of credential/session theft or unintended persistence of secrets.

Missing User Warnings

Medium
Confidence: 87%
Finding
The skill documents saving screenshots, PDFs, videos, traces, and session state to local files without warning that these artifacts may contain page contents, PII, tokens, cookies, or authenticated workflow details. In an agent setting, these files can persist sensitive information beyond the live session and be mishandled or exfiltrated later.

Missing User Warnings

Medium
Confidence: 88%
Finding
The documented commands can perform real-world side effects such as submitting forms, uploading files, modifying cookies/storage, and executing JavaScript, yet the skill provides no warning that these actions can alter user accounts, remote services, or stored browser state. In the context of an agent-operated browser, silent side effects are especially risky because the model may trigger them on production systems or authenticated sessions.

VirusTotal

66/66 vendors flagged this skill as clean.