ClawHub

Cxz9909 Agentbrowser

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate browser automation skill, but it gives an agent broad control over browser sessions and sensitive files without enough safety boundaries.

Install only if you intentionally want an agent to control a browser. Use a test account or isolated browser session, avoid sensitive logged-in sites, pin and verify the external npm package where possible, and require explicit approval before uploads, JavaScript eval, cookie/storage access, form submissions, purchases, or saving/restoring auth state.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly documents saving and loading browser session state for authentication, but does not warn that these state files can contain sensitive cookies, tokens, and other authenticated artifacts. In an agent context, that omission increases the chance that users or downstream automation persist reusable credentials insecurely or transfer them between tasks without understanding the exposure.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documented upload command enables sending arbitrary local files to remote websites, but the skill provides no warning that this can exfiltrate local data if used on untrusted pages or under unsafe prompts. Because this skill is meant for agent-driven automation, a user may trigger uploads without adequately verifying destination trust or file sensitivity.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill promotes screenshots, PDFs, recordings, console/error capture, traces, and network inspection without explaining that these artifacts can capture page contents, credentials, tokens, cookies, request metadata, and other sensitive session data. In browser automation, such outputs are frequently stored on disk or shared for debugging, which makes silent overcollection a realistic risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal