ClawHub

Agent Browser CLI

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed browser-automation skill, but users should be careful because it can click, fill forms, take screenshots, and interact with logged-in websites.

Install this only if you want an agent to automate browser actions. Review pages before allowing clicks or submissions, avoid entering real credentials unless necessary, be cautious with screenshots of logged-in pages, and only create scheduled check-in scripts intentionally. Also consider whether you trust the external agent-browser npm package before installing it globally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger conditions are overly broad and overlap with many ordinary browsing, research, and web interaction requests. This can cause the skill to activate in situations where the user did not clearly intend browser automation, increasing the chance of unintended clicks, form submissions, navigation, or data exposure.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly supports sign-ins, form filling, button clicks, screenshots, and scheduled check-ins, all of which can affect account state or capture sensitive data, but it provides no explicit safety warnings, consent checkpoints, or restrictions. In this context, the absence of guardrails is dangerous because browser automation can easily submit credentials, perform unintended actions, or capture private page contents without adequate user awareness.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal