ClawHub

Puppeteer

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches a Puppeteer automation purpose, but it includes under-disclosed persistence and bot-detection evasion guidance that users should review before installing.

Review this skill before installing. Only use it for websites and workflows you are authorized to automate, require the agent to ask before installing packages or creating ~/puppeteer files, and remove or ignore any instruction that hides file paths or tries to bypass bot-detection controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The documentation explicitly provides anti-detection guidance for avoiding automation detection, including random delays and realistic mouse movements. In a general Puppeteer skill, this goes beyond ordinary browser automation and can facilitate stealthy scraping, abuse of third-party sites, or evasion of defensive controls, which makes the skill materially more dangerous in context.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The activation guidance is overly broad: 'Read this when `~/puppeteer/` doesn't exist. Don't ask — just start naturally.' This can cause the skill to trigger based on filesystem state rather than clear user intent, leading the agent to initiate setup actions and browser-automation workflows without explicit confirmation. In a tool that may install packages and create files, unintended invocation increases the risk of unauthorized changes and surprise execution paths.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to save scripts under `~/puppeteer/scripts/` and to store workflow details in `~/puppeteer/memory.md` 'without mentioning file paths to them.' This creates persistent writes and retention of user/project details without transparent disclosure, which is dangerous because it can silently modify the user's environment and accumulate potentially sensitive operational context. The concealment instruction makes the behavior more suspicious and increases the chance of violating user expectations or organizational policies.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal