Super Lobster

Security checks across malware telemetry and agentic risk

Overview

This skill matches its web-research purpose, but it gives the agent broad local execution power and renders arbitrary web pages with weakened browser isolation.

Install only if you intentionally want a high-capability scraping and browser-rendering skill on this gateway. Use it in a least-privileged or disposable environment, review generated Python or shell before execution, avoid sensitive internal URLs, and constrain cleanup to known temporary files.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (5)

Context-Inappropriate Capability

Medium, 99% confidence
Finding
The script launches Chrome with --no-sandbox while rendering an arbitrary user-supplied URL, which disables an important browser isolation boundary. If a malicious page exploits a browser vulnerability, the lack of sandboxing can significantly increase the chance of host compromise or broader process-level impact.

Missing User Warnings

Medium, 95% confidence
Finding
The skill explicitly authorizes local scripting, crawling, extraction, and command execution on the gateway without any user-facing warning, approval boundary, or restriction on scope. In an agent setting, this materially increases the chance of unintended system modification, data exposure, or execution of unsafe commands, especially because the skill frames such behavior as a normal default capability.

Missing User Warnings

Low, 84% confidence
Finding
The workflow instructs the agent to write Python scripts into a local filesystem path and execute them, but does not warn that this creates artifacts and can consume disk, overwrite files, or leave executable content on the host. While temporary-file use is often legitimate, in this context it is paired with local execution on a gateway, making the absence of guardrails more consequential than a routine scratch-directory reference.

Missing User Warnings

Medium, 88% confidence
Finding
Telling the agent to remove temporary files without a safety warning or deletion constraints can normalize file deletion behavior and lead to overly broad cleanup logic. In an automated environment, ambiguous cleanup instructions can cause accidental deletion of non-temporary data if path handling is incorrect or if the agent expands the cleanup scope beyond the intended scratch area.

Missing User Warnings

Medium, 95% confidence
Finding
The script causes a headless browser to fetch a fully user-controlled URL without restriction or disclosure, creating an SSRF-style capability and unexpected outbound network access. An attacker may use this to probe internal services, access metadata endpoints, or trigger authenticated requests from the execution environment.

VirusTotal

66/66 vendors flagged this skill as clean.
