ClawHub

Browser Automation

Security checks across malware telemetry and agentic risk

Overview

This skill is a browser-control wrapper that is mostly transparent, but it deserves review because it can operate inside a signed-in Chrome session and exposes broad raw browser-control commands.

Install only if you trust the `browser-relay-cli` package and its unpacked extension. Prefer a separate Chrome profile or test account, confirm purchases/posts/deletions/account changes before they happen, avoid sensitive pages unless necessary, and disable the extension plus stop the relay after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The documented `raw` passthrough exposes a generic invocation surface for both extension methods and Chrome DevTools Protocol methods, which bypasses the skill's otherwise bounded command set. In a signed-in real browser context, this can enable arbitrary page/runtime interaction, data extraction, script evaluation, and broader browser control than users or higher-level policy may expect.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The skill description presents Browser Relay as a constrained browser-control tool, but the documented raw interface permits arbitrary browser/runtime control that materially expands capability beyond that description. This mismatch is dangerous because it can cause operators, policy systems, or downstream agents to treat the skill as lower risk than it really is, enabling misuse in authenticated browsing sessions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal