Browser Session Manager

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent browser automation, but it reuses live browser session tokens and can act inside a logged-in account with weak scoping.

Install only if you are comfortable giving the skill password-equivalent browser session data for your Jimeng account. Keep the session JSON out of source control, restrict file permissions, delete screenshots and session files after use, avoid proxy/rate-limit bypass behavior, and review or narrow the helper before using it with any non-Jimeng URL or any action that could spend credits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

High
Confidence: 98%
Finding
The document explicitly instructs exporting browser cookies and localStorage from a real account and injecting them into an automated Playwright session to act as an already authenticated user. This is effectively credential/session token reuse and can enable account takeover, unauthorized actions, and abuse of a third-party service if the session file is leaked, reused across environments, or applied to another user's account.

Missing User Warnings

Medium
Confidence: 95%
Finding
The guide tells users to export and store authentication cookies and localStorage in a JSON file, including session identifiers, without any warning that these are sensitive credentials equivalent to being logged in. This creates a high risk of credential leakage, accidental source-control commits, local compromise, or reuse by unauthorized parties.

Missing User Warnings

Medium
Confidence: 95%
Finding
The script reads cookies and localStorage from /tmp/jimeng-session.json and injects them directly into a Playwright browser context, effectively restoring an authenticated session. This can expose or misuse account credentials, bypass normal login safeguards, and enable account actions as the user without any consent, validation, or scoping controls. In an agent skill context, hidden session replay is especially dangerous because the operator may not realize the skill is handling reusable authentication material.

Missing User Warnings

Medium
Confidence: 90%
Finding
The script saves multiple screenshots, including full-page captures after submission, to /tmp without any notice or data minimization. Screenshots can contain prompts, account information, generated content, billing/credit data, or other sensitive page state, creating an avoidable data-at-rest exposure. In an automation skill, repeated captures increase the chance of collecting more sensitive information than needed.

VirusTotal

64/64 vendors flagged this skill as clean.
