ClawHub

Web Form Automation

Security checks across malware telemetry and agentic risk

Overview

This skill is a legitimate form-automation helper, but it can use login sessions, upload files, and force-submit forms on arbitrary websites without built-in confirmation or site limits.

Install only if you are comfortable giving an agent browser-control power. Before running it, inspect the config, confirm the exact website, files, text, account session, and submit action, avoid using sensitive session files unless necessary, and run it in an isolated environment when visiting untrusted sites.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill description is broadly scoped to automate website interactions, login, uploads, and submission without meaningful restrictions on allowed domains, user confirmation, or action sensitivity. In an agent setting, that overbroad framing increases the chance the skill is invoked for high-risk actions such as account access, bulk submissions, or interaction with sensitive web apps.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation instructs loading cookies and localStorage/sessionStorage from a JSON file, which can directly import authenticated session material into browser automation. Without strong warnings and guardrails, this enables session hijacking, replay of stolen credentials, and unauthorized access to user accounts or internal applications.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
Recommending force-click submission without warnings normalizes bypassing disabled-state safeguards that may exist to prevent premature, invalid, or irreversible actions. In automation contexts this can cause unintended submissions, acceptance of terms, purchases, account changes, or other actions before the page has completed validation.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal