ClawHub

Use Browser (Scrape leads, like, post on socials or perform actions on the web)

Security checks across malware telemetry and agentic risk

Overview

This skill openly automates logged-in social media accounts, but it gives the agent broad authority to post, message, scrape leads, and manage cookies with limited per-action user control.

Install only if you are comfortable letting an agent act through logged-in social media accounts. Use a dedicated VM or browser profile, require manual review for posts, DMs, comments, reposts, connection requests, and scraping batches, avoid cookie export/import unless absolutely necessary, and close or log out sessions when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The skill explicitly says the agent must not attempt login, but it also documents cookie import/set/export capabilities that can recreate authenticated sessions without user interaction. In a browser automation skill handling social media accounts, this creates a practical path to bypass the stated authentication boundary and silently restore or transfer account access.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The description is broad enough that the skill may be selected for many generic browsing, navigation, or extraction tasks, increasing the chance it is invoked outside its intended narrow social-media scope. Because the skill has powerful browser interaction and data extraction capabilities with persistent authenticated sessions, over-broad invocation materially raises misuse risk.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill advertises lead scraping, DM automation, and connection-request workflows without an upfront warning about privacy, consent, account restrictions, or platform enforcement risks. That framing normalizes potentially sensitive and high-impact actions and may lead operators to use the skill in ways that expose personal data or trigger account sanctions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal