webcli

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate browser automation skill, but it gives an agent broad session, cookie, storage, upload, and JavaScript powers without enough consent or privacy guardrails.

Install only if you want to give the agent a full browser automation tool, not a read-only web fetcher. Avoid using it on sensitive logged-in sessions unless necessary, and require explicit approval before uploads, purchases, account changes, cookie/session export, storage changes, or custom JavaScript. Delete saved session files after use and review the external npm package before installing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill advertises broad web-browsing and interaction capabilities but does not warn that it can perform state-changing actions such as clicking buttons, submitting forms, uploading files, changing settings, or triggering purchases/account changes. In an agent setting, omission of these risks can cause unsafe use because operators may treat the skill as read-only reconnaissance when it is actually capable of modifying remote state.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill documents commands that can expose, persist, and transfer sensitive browser data, including localStorage access, state save/load, cookie export/import, network logging, console capture, screenshots, PDFs, and page source, but it provides no privacy or secret-handling warning. This increases the chance an agent will collect or persist authentication tokens, session cookies, personal data, or confidential page contents and then disclose them in outputs or artifacts.

VirusTotal

64/64 vendors flagged this skill as clean.
