humancanhelp

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed remote handoff tool, but it can expose live browser or desktop control over LAN or public URLs without mandatory authentication, so users should review it carefully.

Install only if you intentionally want a trusted person to view and control a live browser tab or desktop. Prefer CDP over full-desktop VNC, use an isolated browser profile or VM, set a strong password for any LAN or public sharing, avoid secrets/MFA/payments/account changes unless the real owner is present, and stop the server immediately after the handoff.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill clearly exposes network-accessible services despite not declaring any corresponding permission or capability boundary. It starts a local HTTP server, can create a public tunnel, and shares CDP/VNC sessions that allow remote viewing and interaction, so the undeclared network surface materially affects trust, review, and safe deployment.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The CLI advertises a 'short local human handoff' but also offers a --public option that can expose the live assistance session through an internet-accessible tunnel. That creates a material trust-boundary expansion: helpers are no longer limited to the local network, and the shared CDP/VNC session may expose sensitive browser contents, local desktop state, or interactive control to remote parties.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
This code dynamically imports localtunnel and publishes the help server externally, creating remote access to a session that can broker browser or desktop interaction. Because the tool is specifically designed to hand over blocked visual/interactive steps, exposing it publicly can enable unauthorized observation or manipulation of sensitive workflows if the URL is leaked, guessed, or shared improperly.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
This file implements a complete network-accessible remote-control service, including screen streaming, keyboard/mouse injection, authentication, session state APIs, and VNC/CDP bridging. That materially exceeds a narrowly scoped 'short local human handoff' capability and creates a powerful remote access primitive that could be abused for unauthorized interaction with browsers, applications, or desktops if exposed or misconfigured.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The server listens on 0.0.0.0 and exposes WebSocket endpoints that proxy live VNC or Chrome DevTools control over the network, enabling remote viewing and full input injection. In the context of a tool advertised as a short local human assist mechanism, this broader network-reachable control plane is especially dangerous because it can become a remote administration channel into sensitive browser sessions or desktops.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README explicitly promotes remote human interaction with live browser tabs and full desktop sessions, including ordinary login flows, but its privacy guidance understates the risk that helpers can observe, capture, or enter highly sensitive information such as credentials, session data, personal content, and other desktop-visible secrets. Although the document mentions optional passwords and that masking is only helper-side, it does not consistently warn users that granting remote help may expose everything visible in the shared session and that masking does not sanitize the underlying transport.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation describes screen sharing and remote control but does not prominently warn users that helpers may see and manipulate sensitive on-screen content, including credentials, personal data, and full desktop contents in VNC mode. Because the tool supports public URLs and interactive control, missing consent and sensitivity warnings increases the chance of accidental credential exposure or unsafe delegation of privileged actions.

Missing User Warnings

High
Confidence
91% confidence
Finding
This method starts browser screencasting immediately and streams page imagery to a callback without any built-in consent check, visibility indicator, or scope restriction. In the context of a human-handoff skill, silent capture of live browser content can expose credentials, personal data, messages, or other sensitive on-screen information, making the lack of enforced disclosure materially dangerous.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
These methods can inject synthetic mouse and keyboard events into the controlled browser with no built-in authorization, confirmation, or safety guardrails. In this skill's context, that means the tool can perform actions as the user in web sessions—clicking buttons, submitting forms, or typing into sensitive fields—creating real risk of unauthorized transactions, account changes, or data disclosure if misused.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The help text presents --public as a normal feature without an explicit warning that it may expose live browser/desktop content and control to the public internet. In this skill context, users may reasonably assume the handoff remains local, so the lack of a clear warning increases the risk of accidental overexposure of sensitive sessions.

VirusTotal

67/67 vendors flagged this skill as clean.
