Agent Browser Conflict

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate browser automation skill, but it gives agents broad control over websites and session data without enough safety guidance.

Install only if you trust the publisher and the upstream agent-browser npm package. Prefer a pinned package version, use disposable browser sessions or test accounts, avoid sensitive sites unless necessary, and require explicit approval before submitting forms, uploading files, reading or saving cookies/storage, using CDP, or keeping screenshots, recordings, traces, PDFs, or saved auth state.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 91%
Finding:
The skill documents operations that expose or manipulate sensitive browser state, including cookies, localStorage, HTTP credentials, and saved session state, but provides no warning about handling secrets or authenticated sessions. In an agent context, this can normalize unsafe reuse, extraction, or persistence of tokens and credentials that may grant continued access to user accounts.

Missing User Warnings

Low
Confidence: 86%
Finding:
The documentation advertises screenshots, PDFs, videos, traces, and other file-producing features without warning that they create local artifacts that may contain sensitive page contents, credentials, personal data, or internal application state. In automated agent workflows, these files may be retained, uploaded, or shared unintentionally, increasing data leakage risk.

VirusTotal

65/65 vendors flagged this skill as clean.
