ClawHub

Use My Browser

Security checks across malware telemetry and agentic risk

Overview

This skill openly controls a real logged-in Chrome browser, but its triggers and safeguards are too broad for that level of access.

Install only if you intentionally want an agent to operate your real logged-in Chrome session. Prefer a separate Chrome profile or test accounts, review the external plugin and userscript first, and require explicit approval before any click, form submission, purchase, post, deletion, or account change.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger conditions are broad enough to activate a skill that takes control of the user's real logged-in browser in situations where the user may only be asking for normal browsing help. In this skill's context, unintended invocation is especially dangerous because execution occurs in the page context with access to active sessions, cookies, and the ability to click, fill, and extract data from authenticated pages.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The package description explicitly states that the skill can control the user's real Chrome browser via Tampermonkey injection and reuse existing login sessions, but it does not define strict activation constraints, scope limits, or safety exclusions. In the context of an agent skill, broad browser-control capability over an authenticated session materially increases the risk of unauthorized actions, sensitive data access, and session abuse if the skill is triggered unexpectedly or misused.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal