Windows Browser Ops

Security checks across malware telemetry and agentic risk

Overview

This skill openly controls a Windows browser, but it gives broad access to screenshots, downloads, logged-in sessions, and uploads without enough limits.

Install only if you intentionally want an agent to operate a Windows desktop browser. Use a dedicated Windows account and browser profile, keep sensitive accounts closed, review or provide the missing scripts yourself, and require explicit confirmation before screenshots, downloads, uploads, form submissions, or custom PowerShell commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill explicitly enables remote browser control, screenshots, download collection, zipping, and artifact return, but it does not warn operators about capturing personal data, credentials, session contents, or proprietary files. In this context, the omission is dangerous because the skill is purpose-built for remote evidence collection on an unlocked desktop, making accidental privacy violations and overcollection very likely.

Missing User Warnings

Medium
Confidence: 93%
Finding
The workflow tells operators to upload screenshots and ZIP archives as routine output without any checkpoint to verify consent, inspect contents, or exclude sensitive material. Because the skill is designed for remote browser manipulation and collection from a live user session, this creates a clear path to unintended disclosure of account data, downloaded documents, cookie-adjacent session evidence, or other confidential information.

Missing User Warnings

Medium
Confidence: 90%
Finding
The evidence-collection section instructs operators to capture screenshots and export artifacts but does not discuss privacy, data minimization, or risks of returning raw evidence from an authenticated browser session. Even if intended for legitimate support or demo use, the lack of safeguards increases the chance of collecting more information than necessary and exposing sensitive on-screen or downloaded content.

Missing User Warnings

Medium
Confidence: 95%
Finding
The troubleshooting guidance normalizes keeping the remote session unlocked and in the foreground to enable screenshots, but it does not warn that this materially weakens workstation security and may expose active sessions to unauthorized interaction. In a skill centered on remote browser control, an unlocked foreground session increases the risk of misuse, lateral actions by anyone with access, and inadvertent capture of unrelated sensitive content.

Missing User Warnings

High
Confidence: 94%
Finding
The playbook explicitly instructs operators to capture screenshots, package downloaded files, and upload them to Discord or another channel, but it provides no consent, minimization, or privacy warning. In a remote browser-control skill, these steps can easily exfiltrate sensitive on-screen content, session data, or downloaded documents from a user's Windows desktop environment.

VirusTotal

66/66 vendors flagged this skill as clean.
