ClawHub

OpenClaw 浏览器自动化

Security checks across malware telemetry and agentic risk

Overview

This is a browser automation skill whose core purpose is coherent, but it can act in logged-in browser sessions and transfer files without clear approval boundaries.

Install only if you are comfortable with an agent controlling a browser. Prefer an isolated browser profile, avoid using your real Chrome profile for sensitive accounts, and require explicit confirmation before uploads, downloads, logins, form submissions, purchases, account changes, or actions on private pages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger list includes generic phrases such as “浏览器”, “浏览网页”, “截图”, and “browser”, which are common in normal user requests and can cause the skill to activate unintentionally. Because this skill enables powerful browser automation, accidental invocation could expose browsing context, screenshots, DOM content, downloads, or perform actions on behalf of the user without sufficiently explicit intent.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill documents capabilities including screenshots, DOM snapshots, uploads, downloads, header changes, and operation against existing browser sessions, but it does not present strong, prominent warnings about privacy and data-handling risk at the point those capabilities are introduced. In context, this is more dangerous because browser automation may interact with authenticated sessions and sensitive page content, so users may unknowingly permit collection or manipulation of private data.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal