Abby Browser

Security checks across malware telemetry and agentic risk

Overview

This browser-control skill matches its stated purpose, but it needs review because it exposes high-impact browser actions with weak enforcement and an unescaped JavaScript evaluation path.

Install only if you want an agent to control your browser. Supervise it on logged-in or sensitive sites, avoid using untrusted CSS selectors with the extraction helper, and treat clicks, form submission, and typed text as actions performed in your real browser session.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
cmd = ['openclaw', 'browser', 'evaluate', '--fn', 'document.body.innerText']
    
    try:
        result = subprocess.run(
            cmd,
            capture_output=True,
            text=True,
Confidence
95% confidence
Finding
`result = subprocess.run(cmd, capture_output=True, text=True, timeout=30)`

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The skill claims it does not automatically execute dangerous operations, but the documented use of `openclaw browser evaluate --fn '...'` exposes arbitrary browser-side JavaScript execution. That creates a mismatch between the stated safety posture and actual capability, increasing the risk of unsafe automation, DOM manipulation, data exfiltration from visited pages, or execution of actions beyond the user's apparent intent.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The code allows callers to trigger `--submit` programmatically with no confirmation, warning, or policy gate before the browser action is executed. In an agent skill context, this increases the chance of unintended purchases, account changes, or irreversible form submissions driven by prompt injection or user misunderstanding.

VirusTotal

60/60 vendors flagged this skill as clean.
