ClawHub

Agent Browser Local

Security checks across malware telemetry and agentic risk

Overview

This is a coherent browser automation skill, but users should treat saved sessions, screenshots, traces, cookies, and network captures as sensitive data.

Install only if you need browser automation. Avoid using it on high-value production accounts unless necessary, and treat saved state files, screenshots, PDFs, videos, traces, cookies, headers, and captured requests as secrets. Store them in restricted locations, keep them out of source control and shared workspaces, and delete them when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly documents commands that write screenshots, PDFs, videos, traces, and session state to local files, but it does not warn that these artifacts persist on disk and may contain sensitive page content, credentials, or tokens. In an agent setting, silent file creation can leak data into shared workspaces, logs, caches, or later tool invocations.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill describes setting HTTP credentials and saving/loading browser state without warning that these operations can expose passwords, cookies, tokens, and authenticated sessions. Saved state files and inline credentials are especially risky because they can be read by other users, shell history, logs, or subsequent agent steps.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill documents request interception, request inspection, extra headers, and credential handling, but does not warn that these features can capture, alter, or replay sensitive network traffic. In a browser automation skill, this increases the chance of privacy violations, unintended data exfiltration, or unsafe tampering with authenticated requests.

Session Persistence

Medium
Category
Rogue Agent
Content
```bash
agent-browser state save auth.json    # Save session state
agent-browser state load auth.json    # Load saved state
```

## Example: Form submission
Confidence
96% confidence
Finding
Load saved state

Session Persistence

Medium
Category
Rogue Agent
Content
agent-browser wait --url "/dashboard"
agent-browser state save auth.json

# Later sessions: load saved state
agent-browser state load auth.json
agent-browser open https://app.example.com/dashboard
```
Confidence
97% confidence
Finding
load saved state

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal