Agent Browser (MikeFaierberg)

Security checks across malware telemetry and agentic risk

Overview

This browser automation skill is coherent, but it needs Review because it encourages saving passwords and reusing logged-in browser profiles without clear safety boundaries.

Install only if you are comfortable letting an agent control a browser. Prefer a dedicated automation browser profile and test or least-privilege accounts. Avoid saving real passwords or using your main Chrome profile unless you understand where credentials and session data are stored, and require manual confirmation before submissions, purchases, posts, deletes, or account-setting changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 80%
Finding
The skill explicitly promotes browser automation for form filling and logged-in browsing but does not include any warning about handling personal data, session state, or sensitive inputs. In an agent setting, this increases the risk that users or downstream agents will submit secrets or interact with authenticated sites without clear boundaries on what may be stored, exposed in logs, or reused across profiles.

Missing User Warnings

High
Confidence: 95%
Finding
The documented `agent-browser auth save <name> --url <url> --username <u> --password <p>` command encourages direct credential entry on the command line without any warning about exposure through shell history, process listings, logs, or insecure local storage. Because this is a browser automation skill intended for logged-in workflows, the context makes the issue more dangerous: users are more likely to handle real credentials, and the skill normalizes unsafe secret handling.

VirusTotal

64/64 vendors flagged this skill as clean.
