tekin

Security checks across malware telemetry and agentic risk

Overview

This browser-automation skill appears legitimate, but it gives an agent broad access to authenticated browser state and file-producing features without enough safety guidance.

Install only if you need full browser automation and are comfortable with an agent controlling authenticated browser sessions. Treat saved state, traces, screenshots, recordings, headers, and auth.json files like secrets: keep them out of shared folders and source control, delete them when done, and avoid using real browser profiles or sensitive accounts unless you explicitly intend that access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly encourages saving screenshots, PDFs, videos, traces, and browser state to local files, but never warns that these artifacts can capture sensitive page contents, tokens, PII, or authenticated views. In an agent setting, this increases the chance that secrets are persistently stored on disk and later exposed through logs, artifacts, backups, or other tools.

Missing User Warnings

High
Confidence
98% confidence
Finding
The documentation states that recording preserves cookies/storage and separately shows saving and loading session state, but it omits any warning that these mechanisms can transfer authenticated sessions between runs. That can enable credential reuse, account takeover within the local environment, or unintended access to protected resources if state files are copied, reused, or mishandled.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill documents adding custom HTTP headers and basic-auth credentials without cautioning that these values often contain API keys, bearer tokens, or passwords that will be transmitted to remote services. In agent-driven workflows, this omission increases the risk that users provide secrets directly on the command line, where they may also be exposed via shell history, process listings, or logs.

Session Persistence

Medium
Category
Rogue Agent
Content
```bash
agent-browser state save auth.json    # Save session state
agent-browser state load auth.json    # Load saved state
```

## Example: Form submission
Confidence
91% confidence
Finding
Load saved state

Session Persistence

Medium
Category
Rogue Agent
Content
```bash
agent-browser wait --url "/dashboard"
agent-browser state save auth.json

# Later sessions: load saved state
agent-browser state load auth.json
agent-browser open https://app.example.com/dashboard
```
Confidence
95% confidence
Finding
load saved state

VirusTotal

66/66 vendors flagged this skill as clean.
