Gemini Browser Image

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill automates Gemini image generation through the user's Chrome session, which is sensitive but clearly tied to its stated purpose.

Install only if you are comfortable letting an agent control a Chrome session logged into Gemini and read your Downloads folder. Use a dedicated Chrome profile and download directory, close unrelated tabs, verify the external mcporter/chrome-devtools-mcp tools before use, and choose a non-sensitive output folder to avoid accidental overwrites.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 88%
Finding
The README explicitly says the agent will read the browser Downloads folder and copy or rename generated files into a target directory, but it does not clearly warn about the security and integrity implications of local file access. In an agent-skill context, this normalizes filesystem access tied to browser activity and could lead users to grant broader directory permissions than necessary, increasing risk of unintended file disclosure, overwrite, or mishandling of sensitive downloaded content.

Missing User Warnings

Medium
Confidence: 95%
Finding
The README instructs users to launch Chrome with remote debugging and to use a browser profile already logged into Gemini, but it does not adequately warn that this exposes a powerful browser control interface attached to an authenticated session. In this skill's context, that is especially dangerous because the agent can drive a live logged-in browser, access session-backed content, and potentially interact with other tabs or data in that profile if the debugging endpoint is reachable or misused.

VirusTotal

65/65 vendors flagged this skill as clean.
