ClawHub

Browser Ops High Autonomy

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real browser-automation skill, but its advertised authority is broad enough that users should review it before enabling.

Install only if you are comfortable letting the skill operate websites in your browser context. Prefer using it on approved domains, avoid sensitive accounts unless necessary, and require explicit confirmation before it submits forms, sends messages, changes settings, deletes data, or extracts private information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill explicitly advertises high-autonomy browser actions that can complete tasks end-to-end with minimal interruption, but it does not warn users that such actions may modify external systems, submit forms, send messages, or otherwise cause real-world side effects. Even with approved-domain restrictions and escalation states, the absence of an explicit user-facing warning increases the risk of unintended data changes or actions being initiated without sufficient operator awareness.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The skill grants broad autonomous authority across sensitive categories such as admin workflows, product/platform management, routine communication, and data extraction without defining precise boundaries, approval checks, or disallowed actions. In a high-autonomy browser skill, this ambiguity can let the agent perform impactful actions or access sensitive data with minimal human review, increasing the risk of unintended privilege misuse, privacy violations, or harmful operational changes.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The manifest advertises high-autonomy browser operations, including data extraction and end-to-end workflow completion, but does not disclose privacy expectations, data sensitivity limits, retention rules, or user-facing warnings about potentially impactful actions. This omission can cause operators to enable the skill without understanding that it may process sensitive information or make consequential changes autonomously.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal