ClawHub

Chrome DevTools MCP (Standard)

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Chrome browser automation skill, but it gives agents broad control over real web pages without enough privacy, containment, or approval boundaries.

Install only if you want an agent to control and inspect a real Chrome browser. Prefer pinning the npm package version, using a separate or isolated Chrome profile, and requiring explicit approval before the agent uses logged-in sites, submits forms, uploads files, changes account or business data, makes purchases, or inspects sensitive page, console, or network content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The skill description uses very broad activation language such as general browsing, screenshots, debugging, and form filling, which can cause the skill to be invoked for many ordinary web tasks without clear boundaries. In an agent setting, this increases the chance of unnecessary use of a highly privileged browser-control capability that can inspect page contents, network traffic, and interact with sites.

Vague Triggers

High
Confidence
94% confidence
Finding
The keyword list includes generic triggers like 'use browser', 'screenshots', and 'web scraping', which overlap heavily with everyday requests. This can cause over-triggering of a powerful browser automation skill, expanding access to page interaction and inspection in situations where less privileged tools would be safer.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The top-level description emphasizes broad browser control and inspection but does not warn that the skill can access potentially sensitive page content, console output, screenshots, and network metadata. Without a user-facing privacy warning, an agent may use these capabilities in contexts involving credentials, personal data, or confidential internal applications without adequate caution.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The workflow includes arbitrary JavaScript execution and interactive actions, but the document does not clearly warn that these operations can change application state, submit forms, trigger purchases, or execute site-specific side effects. In an autonomous-agent context, omission of this warning raises the risk of unintended data submission or destructive actions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal