opencli-adapter-author

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate adapter-writing guide, but it asks agents to inspect and reuse live browser cookies/tokens and intercept signed requests, so it needs review before installation.

Install only if you are comfortable letting the agent use OpenCLI against live browser sessions for the specific site you are adapting. Review any generated adapter, fixture, and ~/.opencli/sites changes before sharing or committing them, and do not allow raw cookies, Bearer tokens, account IDs, private watchlists, or other user-specific data to be saved.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium, 94% confidence
Finding
This section explicitly instructs users to extract authentication cookies and tokens from cookies, localStorage, and bundles, and to use interception to capture authenticated API responses. In a skill meant for writing adapters, this crosses from normal integration guidance into credential harvesting and request-signing bypass techniques, which could be repurposed to access protected data beyond intended authorization boundaries.

Intent-Code Divergence

Medium, 88% confidence
Finding
Although the guide says Geetest-style anti-bot challenges are out of scope, later sections recommend store-action invocation and interception so the page can generate signatures and authenticated requests on the user's behalf. That effectively provides a workaround for normal request-signing and access controls, undermining the stated boundary and enabling bypass of protective mechanisms.

Missing User Warnings

Medium, 91% confidence
Finding
The guide tells users to enumerate cookies, including auth-related cookies, and specifically notes use of page.getCookies to retrieve HttpOnly cookies from the browser cookie jar. Without strict handling rules, this normalizes exposure of live session material that could be reused for account access, data exfiltration, or cross-tenant mistakes.

Missing User Warnings

Medium, 93% confidence
Finding
The guide recommends searching localStorage and JavaScript bundles for tokens and Bearer credentials, including hardcoded authorization values. This is dangerous because it encourages discovery and reuse of secrets not intended for adapter authors, potentially enabling unauthorized API access or mass abuse if such credentials are shared across users or environments.

Missing User Warnings

Medium, 91% confidence
Finding
The documentation explicitly instructs adapters to perform authenticated browser requests with `credentials: 'include'` and notes that the cookie may carry user identity after login. In an agent-skill context, this creates a real privacy and data-exposure risk because downstream adapter authors may automatically reuse session cookies for requests without clear user consent boundaries, increasing the chance of unintended access to private watchlists, portfolios, or account-scoped data.

VirusTotal

67/67 vendors flagged this skill as clean.
