Web + Desktop Automation

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed browser and desktop automation helper, but it gives an agent powerful controls that users should apply only to specific tasks.

Install only if you want agents to control browsers and desktop apps. Keep tasks narrowly specified, review any dependency versions in your environment, and require explicit confirmation before logins, submissions, uploads, downloads, purchases, deletions, account changes, or edits to important local files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill is triggered by very broad language covering browser automation, scraping, form filling, clicking, downloads/uploads, and desktop GUI control, without clear boundaries or consent constraints. That increases the chance the agent will invoke this skill for sensitive workflows and perform high-impact actions on websites or the local system when a narrower, safer skill or explicit confirmation should have been required.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly supports login, file upload/download, and desktop file operations but does not warn about privacy, credential handling, local file exposure, or irreversible system changes. In a web-plus-desktop automation context, this omission is more dangerous because the skill can move data between browser sessions and local applications, enabling accidental disclosure, unauthorized submission, or manipulation of sensitive files.

Unpinned Dependencies

Low
Category
Supply Chain
Content
playwright>=1.50.0
pyautogui>=0.9.54
opencv-python>=4.10.0.84
pillow>=10.4.0
Confidence
96% confidence
Finding
playwright>=1.50.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
playwright>=1.50.0
pyautogui>=0.9.54
opencv-python>=4.10.0.84
pillow>=10.4.0
Confidence
96% confidence
Finding
pyautogui>=0.9.54

Unpinned Dependencies

Low
Category
Supply Chain
Content
playwright>=1.50.0
pyautogui>=0.9.54
opencv-python>=4.10.0.84
pillow>=10.4.0
Confidence
98% confidence
Finding
opencv-python>=4.10.0.84

Unpinned Dependencies

Low
Category
Supply Chain
Content
playwright>=1.50.0
pyautogui>=0.9.54
opencv-python>=4.10.0.84
pillow>=10.4.0
Confidence
99% confidence
Finding
pillow>=10.4.0

Known Vulnerable Dependency: opencv-python — 10 advisories: CVE-2017-12864 (Integer Overflow or Wraparound in OpenCV); CVE-2017-12598 (Out-of-bounds Read in OpenCV); CVE-2019-14493 (NULL Pointer Dereference in OpenCV) +7 more

High
Category
Supply Chain
Confidence
87% confidence
Finding
opencv-python

Known Vulnerable Dependency: pillow — 10 advisories: CVE-2016-2533 (Pillow buffer overflow in ImagingPcdDecode); CVE-2023-50447 (Arbitrary Code Execution in Pillow); CVE-2021-27922 (Pillow Uncontrolled Resource Consumption) +7 more

Critical
Category
Supply Chain
Confidence
93% confidence
Finding
pillow

VirusTotal

66/66 vendors flagged this skill as clean.
