Agent Browser Clawdbot.Bak 2026 01 28T18:01:09+10:30

Security checks across malware telemetry and agentic risk

Overview

This is a powerful browser automation skill, but the risky browser-state features appear disclosed and aligned with its purpose rather than hidden or deceptive.

Install only if you need broad browser automation. Use isolated/test browser sessions where possible, avoid saving real-account state unless necessary, keep state files private, and do not expose cookies or localStorage values in logs or chats.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium, 90% confidence
Finding
The skill explicitly documents saving and loading browser state files for authentication reuse, but gives no warning that these files can contain sensitive cookies, localStorage, and active session material. In an agent-oriented automation context, this omission can lead users to persist or share reusable auth artifacts insecurely, enabling account hijacking or unauthorized access if the files are exposed.

Missing User Warnings

Medium, 88% confidence
Finding
The skill describes commands for reading and modifying cookies and browser storage without warning that these interfaces expose highly sensitive session tokens, personal data, and application secrets. Because this skill is intended for AI agents, the risk is elevated: an agent may access, log, transform, or persist this data in ways the user did not intend, increasing the chance of credential leakage or session compromise.

VirusTotal

64/64 vendors flagged this skill as clean.
