Agent Browser

Security checks across malware telemetry and agentic risk

Overview

This browser-control skill is not deceptive, but it gives the agent broad web automation powers with only loose scoping and safety rules.

Install only if you intentionally want an agent to control a browser. Give specific URLs and task boundaries, require confirmation before submitting forms or acting in logged-in accounts, avoid sensitive sessions when possible, set explicit limits for monitoring jobs, and delete saved screenshots or scraped data when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 89%
Finding:
The trigger terms are broad, generic words like "browser", "automation", "screenshot", and "scraping" that can match many unrelated user requests and cause the skill to activate unexpectedly. Because this skill can control a browser, click, type, take screenshots, and execute scripts, accidental invocation expands the chance of unintended web actions, privacy exposure, or misuse on sensitive pages.

Vague Triggers

Medium
Confidence: 91%
Finding:
The usage guidance encourages vague commands such as "打开某网页" ("open a webpage"), "截图" ("take a screenshot"), and "填表" ("fill in a form") without defining scope, allowed targets, or safety boundaries. In a high-capability browser skill, this ambiguity is risky because the agent may act on incomplete instructions, interact with sensitive sites, or perform actions the user did not intend, especially when combined with tools like browser_click, browser_type, and browser_evaluate.

VirusTotal

64/64 vendors flagged this skill as clean.
