ClawHub

Browser Automation

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Chrome automation skill, but it gives AI clients broad access to a real logged-in browser without enough scoping or consent guidance.

Install only if you trust the upstream bridge and Chrome extension. Prefer a dedicated Chrome profile, avoid using sensitive logged-in accounts, pin and verify the npm package and extension release where possible, and require explicit confirmation before the agent reads history, captures network traffic, sends cookie-backed requests, submits forms, deletes bookmarks, posts content, or changes account data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The top-level description is broad enough to trigger on many ordinary browsing-related requests without requiring explicit user confirmation for sensitive actions. In a skill that can access an existing Chrome profile, sessions, history, bookmarks, and network data, overbroad activation materially increases the chance the agent invokes powerful browser capabilities in situations where the user did not intend that level of access.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The "When to Use" section lists many capabilities but provides no guardrails, exclusions, or approval requirements for privacy-sensitive actions. Because this skill operates against the user's real Chrome environment, missing trigger constraints can cause the agent to over-apply the skill and access data or perform actions beyond the user's expectations.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill advertises use of existing Chrome login sessions and later documents access to browsing history, bookmarks, and network-capable features, but it does not prominently warn that these are privacy-sensitive and may expose authenticated content or personal data. In this context, the omission is especially dangerous because users may interpret ordinary browser help as low risk while the skill can act with the full authority of their current browser state.

Missing User Warnings

High
Confidence
98% confidence
Finding
Documenting network capture and cookie-backed HTTP requests without an explicit warning understates the risk of exposing session tokens, authenticated traffic, CSRF-protected actions, or other sensitive request metadata. This is more dangerous here because the tool runs against the user's live browser context, so misuse could reveal or act on highly privileged data from already-authenticated services.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal