Agent Browser

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed browser-automation wrapper, but saved sessions, recordings, screenshots, and uploads can expose sensitive account data if used carelessly.

Install only if you want an agent to control a browser. Use test accounts where possible, avoid saving auth state in shared or committed folders, store session files and recordings securely, delete captures when finished, and manually confirm high-impact actions such as uploads, purchases, account changes, credential entry, or public posts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding:
The manifest description also omits that the tool can persist and reload browser/session state and handle credentials, including cookies, storage, and saved auth state. This can cause operators to treat it as stateless automation when it actually supports long-lived authenticated sessions and credential-like material on disk.

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding:
The manifest description also omits that the tool can persist and reload browser/session state and handle credentials, including cookies, storage, and saved auth state. This can cause operators to treat it as stateless automation when it actually supports long-lived authenticated sessions and credential-like material on disk.

Missing User Warnings

Severity: Low
Confidence: 88%
Finding:
The documentation describes screenshot/PDF commands that write artifacts to disk but does not warn that local files will be created. In agent settings, silent file creation can cause unreviewed data retention, overwrite existing files, or store sensitive page contents on the host.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The state save/load documentation normalizes persistence of browser session state without warning that the saved file may contain cookies, tokens, or other authentication material. If stored insecurely or reused across contexts, this can enable account/session hijacking.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The recording feature explicitly preserves cookies and storage from the active session, but the docs do not include a privacy or secrecy warning. That increases the risk of capturing or reusing authenticated state during recording workflows in ways users may not anticipate.

VirusTotal

65/65 vendors flagged this skill as clean.
