webvoyager

Security checks across malware telemetry and agentic risk

Overview

This web automation skill is not deceptive, but it gives broad browser-control guidance for sensitive actions like checkout, form submission, and social posting without clear approval gates.

Review before installing or using. Keep tasks narrow, avoid sensitive logged-in sites unless necessary, and require explicit confirmation before the agent submits forms, completes purchases, changes account settings, sends messages, or posts publicly. Be aware that screenshots, page HTML, URLs, and visible private data may be captured or sent to a configured vision model.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence: 93%
Finding
The skill's trigger description is broad enough to match many generic web tasks, which can cause the agent to invoke a powerful browser automation capability without clear scoping. In this context, that increases the chance of unintended navigation, form interaction, scraping, or cross-site actions on sensitive pages.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill describes capabilities like autonomous navigation, form filling, cross-site workflow automation, and data extraction, but does not warn that these actions may handle credentials, personal data, or irreversible submissions. Because this is an automation skill with write capabilities, the lack of user-facing safety constraints makes accidental harmful actions substantially more likely.

Missing User Warnings

High
Confidence: 97%
Finding
Listing checkout and social media automation as supported use cases without any caution normalizes high-risk workflows that can spend money, publish content, or act on third-party accounts. In a web automation skill, these are especially dangerous because they combine external side effects with autonomous execution across sites.

Missing User Warnings

Medium
Confidence: 91%
Finding
The example sends annotated screenshots, page context, and task details to an external vision model without any consent, disclosure, or data-minimization control. In a web automation skill, this can expose sensitive on-screen information, internal URLs, form contents, or user workflow data to a third-party model service.

Missing User Warnings

Medium
Confidence: 95%
Finding
The code captures full screenshots and full HTML content of arbitrary pages, which may include credentials, personal data, tokens in DOM content, internal application data, or other secrets. In an autonomous browser agent, collecting this by default materially increases privacy and data-exposure risk, especially if logged, retained, or later sent to models or other services.

VirusTotal

65/65 vendors flagged this skill as clean.
