ClawHub

Browser Agent

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Playwright browser automation helper, with normal caution needed around logged-in sessions and saved browser state.

Install only if you need command-line Playwright browser automation. Avoid using it on sensitive logged-in sites unless that is the intended task, keep saved session files private, delete them when no longer needed, and install Playwright from a trusted source.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill description is broadly scoped to general browser automation and says to use it whenever deterministic browser control is needed, but it does not define clear activation boundaries, permitted targets, or user-consent requirements. In an agent setting, this can cause over-invocation on sensitive sites or workflows, increasing the chance of unintended login actions, data access, or automation against pages the user did not explicitly approve.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly supports page interaction and saving/loading cookies or storage state, yet it provides no warning about handling authenticated sessions, personal data, or sensitive page content that may be captured in screenshots or extracted text. This omission makes misuse more likely in real deployments, especially when the agent may persist or replay session state containing credentials or tokens.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill can persist Playwright storage state to an arbitrary local path, which typically includes cookies and other authenticated session artifacts. In the context of a browser automation skill, this creates a real risk of sensitive credential material being unintentionally written to disk and later reused or exfiltrated, especially because there is no warning, restriction, or minimization around what gets saved.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal