Chrome Extension Relay Helper - Mac

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it can abruptly close Chrome, change the default Chrome profile, and enable automation in a logged-in browser session without clear per-run consent.

Install or run this only if you intentionally want OpenClaw to use your live Chrome session. Save browser work first, consider using a separate Chrome profile with limited logins, review sensitive browser actions before allowing automation, and be aware that the helper can change Chrome startup/session state and write failure screenshots to disk.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill describes capabilities that modify local state, including patching Chrome preference files, but does not declare corresponding permissions. Undeclared file-write behavior is dangerous because callers may invoke the skill without understanding that it can alter user configuration and browser state. In this context, the behavior appears operational rather than overtly malicious, but hidden write capability increases risk and reduces informed consent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly states it will kill running Chrome instances and patch the user's Chrome Preferences file, but does not prominently warn about disruption, possible loss of unsaved browser state, or persistent modification of user data. This is dangerous because it can terminate active sessions, interfere with unrelated browsing, and corrupt or unexpectedly change the user's default profile. The skill context makes this somewhat more understandable for automation setup, but not less risky, because it targets the real Chrome session and default profile rather than an isolated environment.

Missing User Warnings

High
Confidence
97% confidence
Finding
The script unconditionally force-kills all Google Chrome processes with `pkill -9 -f` and gives no warning, prompt, or graceful shutdown attempt. In this skill context, that is dangerous because it can interrupt active browsing sessions, cause data loss, and terminate unrelated user work merely to attach an extension relay.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script rewrites Chrome's on-disk Preferences file to alter session recovery and exit state without explicit disclosure or consent. Although likely intended to improve automation reliability, modifying user browser configuration behind the scenes can corrupt preferences, mask crash state, and change future browser behavior in ways the user did not authorize.

VirusTotal

66/66 vendors flagged this skill as clean.
