ClawHub

HumanTyping

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed browser typing automation tool, with caution needed because it can enter text into live web pages.

Install only if you want browser keystroke automation. Use --dry-run first, verify the active tab and CSS selector, avoid sensitive or irreversible forms unless checked carefully, and treat saved script files as containing any private text you provided.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The description frames the skill as simple human-like typing, but the documented behavior extends to controlling a live browser over CDP, focusing arbitrary CSS selectors, replaying scripts, and reading/writing files. That mismatch can cause users or higher-level agents to grant it more trust than warranted, increasing the chance of unintended form submission, data entry into sensitive fields, or misuse in websites already authenticated in the connected browser.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill emphasizes that it will type into the focused browser element or a selected element, but it lacks a prominent safety warning near the description that this can affect whatever page is currently active in a live browser session. In context, because it connects to an existing browser via CDP and can target arbitrary selectors, accidental use could enter or overwrite data in sensitive forms, chats, admin panels, or other authenticated contexts.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal