ClawHub

mcp-chrome

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it gives an AI broad control over a user's live Chrome session and browser data without strong consent boundaries.

Install only if you intentionally want an AI agent to operate your real Chrome browser. Prefer a separate Chrome profile, avoid banking or admin sessions, confirm any history/bookmark/network/authenticated action, and disable or remove the extension and native bridge when not needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The top-level description is broad enough to trigger on many ordinary browsing requests, including sensitive actions involving authenticated sessions. In a skill that can control a real Chrome profile and access history, bookmarks, and session-backed browsing, overbroad activation materially increases the chance the skill is invoked without clear, task-specific user intent.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The 'When to Use This Skill' section lists very broad trigger conditions without boundaries, negative examples, or consent gates. Because this skill operates against the user's live browser and authenticated state, ambiguous routing can lead to unintended page interaction, history access, bookmark access, or network inspection beyond what the user expected.

Missing User Warnings

High
Confidence
95% confidence
Finding
The documentation advertises use of existing login sessions and browser-resident data but does not prominently warn that this may expose authenticated content, personal history, bookmarks, extension context, and other sensitive information. In this context, the absence of clear privacy and consent language is dangerous because users may not realize the skill operates with the privileges of their active Chrome profile.

Missing User Warnings

High
Confidence
97% confidence
Finding
Network capture and cookie-backed HTTP requests are especially sensitive because they can reveal tokens, headers, request metadata, and authenticated responses or enable actions as the user. Without explicit warnings and constraints, these features can be misused to inspect or replay privileged traffic, making the skill substantially more dangerous than ordinary browser automation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal