Back to skill

Security audit

Agent Browser Clawdbot 20260401

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent browser automation guide, but users should treat saved browser sessions, cookies, and storage as sensitive credentials.

Install only if you trust the upstream `agent-browser` npm package and Chromium download. Keep saved auth JSON files out of repositories and shared folders, avoid printing or logging cookies and storage values, and use cookie/storage/network mutation only for sites and accounts you are authorized to automate or test.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly recommends saving and loading browser auth state but does not warn that the resulting files may contain session cookies, tokens, and other sensitive browser storage. In an agent setting, this can lead to credential reuse, unintended privilege transfer between tasks, or leakage of reusable authentication material if the state file is stored insecurely or shared.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill documents direct access to cookies and browser storage without any guidance on handling sensitive values, which normalizes extracting or mutating secrets such as session identifiers, CSRF tokens, and personal data. In an AI-agent workflow, these commands increase the chance of accidental exfiltration to logs, model context, or downstream tools if safeguards are not stated.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.