ClawHub

Camofox Browser Control

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate browser-control skill, but it gives agents broad control over logged-in browser sessions and session artifacts without enough guardrails or warnings.

Install only if you intend to let an agent control a trusted Camofox browser server. Avoid sensitive logged-in accounts unless actions are supervised, protect API keys/cookies/storage-state files as secrets, isolate userId/session values per task, and clear persisted browser state when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The `evaluate` subcommand exposes arbitrary JavaScript execution in the controlled browser tab via the REST API by forwarding a user-supplied `expression` directly to `/tabs/{tab}/evaluate`. In a browser-control skill, this materially expands capability beyond navigation/click/type/snapshot into unrestricted DOM and script execution, enabling data extraction, state manipulation, or execution of unsafe workflows on authenticated pages if an agent or user passes untrusted input.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill instructs users to import cookies, export storage state, and use an API key without any warning that these artifacts may contain session tokens, authentication material, or other secrets. In practice, this can enable account takeover or credential/session leakage if the data is mishandled, logged, or reused across contexts.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The login workflow recommends VNC/manual login and then reusing exported storage state, but it does not warn that this may expose credentials, MFA artifacts, and long-lived authenticated sessions to the skill operator or surrounding environment. Because this skill is specifically designed to interact with a live browser service, the context makes session theft and privacy exposure more realistic and impactful.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This section documents cookie import, storage-state export, and VNC-assisted login flows involving credential-bearing browser sessions, but it provides no clear warning about handling secrets, session tokens, or privacy-sensitive browser data. In this skill context, that omission matters because the skill is specifically designed to control an existing browser service and can directly expose reusable authenticated state if operators treat the cheatsheet as safe-by-default.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal