AIGroup Browser Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is purpose-built for opening pages in a real browser, but it should be reviewed because it uses live browser profiles that may carry cookies, login state, and unrelated tab data.

Review carefully before installing on a machine with sensitive logged-in browser profiles. Use it only when you explicitly want a live browser session, and consider changing the script to fail when it cannot match the requested URL instead of returning any existing tab.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 89%
Finding:
The skill invokes external binaries and opens arbitrary URLs in a real browser, which gives it effective shell and network capabilities despite not declaring explicit permissions. This creates a trust and review gap: agents or reviewers may treat the skill as low-privilege while it can access the network and interact with a user-profile browser session that may carry cookies, authenticated state, and routing-specific access.

Vague Triggers

Medium
Confidence: 94%
Finding:
The README frames the skill as the default path whenever a task asks to 'open this site in the browser' and explicitly says to use it instead of safer alternatives like web_fetch or search. That trigger language is broad and matches common user phrasing, which can cause over-invocation of a powerful browser-driving capability and expand exposure to untrusted sites, authenticated session state, and region-specific profiles.

VirusTotal

64/64 vendors flagged this skill as clean.
