lock-me-in

Security checks across malware telemetry and agentic risk

Overview

This skill appears intended to help with browser login automation, but it exposes an authenticated browser session through a public tunnel with overly broad remote-control capabilities.

Review before installing. Use only in a trusted environment, do not share the cloudflared URL, close the tunnel immediately after login, avoid using it with sensitive accounts, and delete saved session state when finished. Prefer a version that binds to localhost, removes /eval and general remote-control endpoints, requires a strong access token, and clearly explains where session data is stored.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

High
Confidence: 98%
Finding:
The exposed HTTP interface goes well beyond a narrow login helper: it allows arbitrary navigation, keyboard/mouse control, text entry, element clicking by text, and especially arbitrary JavaScript execution via /eval. Combined with binding to 0.0.0.0 and publishing a public cloudflared URL, anyone who obtains the tunnel URL can take over the browser session and operate authenticated sites or extract data.

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding:
The stealth and fingerprint-spoofing scripts are not necessary for basic user login/session persistence and are designed to evade bot detection. In this context, they increase abuse potential by making the remotely controlled browser look less automated, which can facilitate policy evasion on third-party sites and make malicious automation harder to detect.

Missing User Warnings

High
Confidence: 95%
Finding:
The skill explicitly creates a public tunnel for interactive login and persists cookies/localStorage to disk, but it does not present a clear warning or consent flow about the privacy and credential risks. This can expose highly sensitive authenticated session material to unintended parties, especially since the user may not realize the browser is reachable over a public URL and that reusable session state is stored afterward.

Session Persistence

Medium
Category: Rogue Agent
Content:
3. Cloudflared creates a temporary public tunnel URL
4. User opens the link, clicks/types to log in
5. Session (cookies + localStorage) saved to disk
6. Future Playwright sessions load the saved state

## Quick Start
Confidence: 97%
Finding:
load the saved state

VirusTotal

64/64 vendors flagged this skill as clean.
