HTML-to-Selenium

Security checks across malware telemetry and agentic risk

Overview

This skill is a webpage-to-Selenium helper, but it needs review because it can capture full page HTML for LLM use and uses browser flags that bypass normal certificate and automation safeguards.

Install only if you intentionally need Selenium-based page inspection. Use it only on public or explicitly authorized pages, and avoid sensitive authenticated or internal systems. Review and redact HTML before sending it to any model. Be aware that the script may ignore invalid certificates. Delete any retained HTML files, including error_page.html.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (5)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 87%
Finding:
The skill instructs users to fetch remote webpages and save the HTML to local files, which implies both network access and file-write capability, yet no explicit permissions are declared. This is dangerous because it obscures the skill's real trust boundary: downloaded pages may contain secrets or active content indicators, and silently writing them to disk can create unintended data retention or leakage risks.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 93%
Finding:
The documented behavior does not fully match the actual capability profile: the skill appears to write page data to disk and, per the finding, may use browser options that suppress certificate or automation warnings without disclosing this. Hidden persistence and stealth-oriented browser settings materially increase risk because users may invoke the skill for broad webpage analysis without realizing it can store sensitive content locally or weaken browser safety signals.

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding:
The script explicitly adds '--ignore-certificate-errors' and '--disable-blink-features=AutomationControlled', which weaken browser security signals and hide automation. For a general page analysis tool, these options are unnecessary and make it easier to access pages with invalid TLS or evade bot-detection controls, increasing the risk of misuse against protected sites.

Vague Triggers

Severity: Medium
Confidence: 80%
Finding:
The invocation language is overly broad, using phrases like 'general webpage element analysis' and 'any webpage,' while also mentioning login, search, and form submission. In a skill that fetches page source and supports Selenium automation, this broad framing can encourage use on sensitive, authenticated, or internal targets and reduces safety by failing to define clear boundaries and exclusions.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The template explicitly instructs users to send downloaded HTML content to a large model, but provides no warning that page source may contain sensitive data such as tokens, hidden form fields, user identifiers, or internal application content. In the context of a webpage analysis and Selenium-generation skill, this increases risk because users may apply it to authenticated or semi-private pages despite the note about authorization, causing unintended third-party data disclosure.

VirusTotal

59/59 vendors flagged this skill as clean.
