ClawHub

Taizi Agent Browser

Security checks across malware telemetry and agentic risk

Overview

This browser automation skill is coherent, but it gives agents broad control over authenticated web sessions and persistent session files without enough safety guidance.

Install only if you need powerful browser automation and can supervise its use. Use isolated test accounts where possible, protect or delete saved state files such as auth.json, avoid passing real passwords directly in command lines, and require explicit approval before uploads, submissions, account changes, cookie/storage edits, or JavaScript execution on logged-in sites.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly documents commands that save screenshots, PDFs, videos, traces, and browser state to disk, but gives no warning that these artifacts may contain sensitive page content, credentials, tokens, cookies, or internal application data. In an agent setting, this can lead to unintended local persistence of secrets and privacy-sensitive data that may later be exfiltrated, committed to source control, or read by other processes.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill documents `set credentials user pass` and saved session/state operations without warning that secrets entered on the command line may be exposed via shell history, process lists, logs, or state files. Because this tool is intended for agent automation, the omission is more dangerous: agents may handle real credentials and persist authenticated state in reusable files without appropriate safeguards.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The recording feature is described as preserving cookies and storage from the current session, but the skill does not warn that recordings and preserved session context can capture authenticated content, personal data, and security-sensitive workflow details. This increases the risk of privacy breaches and unauthorized reuse of live session data, especially when agents automate real user sessions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal