Browser Automation 1

Security checks across malware telemetry and agentic risk

Overview

This is a coherent browser automation skill, but it grants broad web-account and local-file side-effect capability with incomplete install provenance and weak guardrails.

Install only if you can independently verify the missing CLI/source package and trust the publisher. Use an isolated browser profile, avoid real credentials in natural-language commands, confirm before submissions or account-changing clicks, and clear screenshots, downloads, cookies, and cached browser data after sensitive use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Missing User Warnings

Medium (89% confidence)
The example explicitly instructs submitting a contact form containing personal information to a third-party website, but provides no warning that the action transmits user-supplied data externally. In an agent skill context, examples strongly shape agent behavior, so omission of consent, destination-trust, and data-sharing warnings can lead to unintended disclosure of sensitive user information.

Missing User Warnings

High (96% confidence)
This example normalizes entering credentials into a site and then capturing a dashboard screenshot, without warning about secrets handling, session reuse, or exposure of sensitive account data. The note about using Chrome's persistent profile increases risk because cookies and authenticated state may survive across runs, enabling unintended access or leakage beyond a single task.

Missing User Warnings

Medium (87% confidence)
The download example states that files are automatically written to a local directory but omits any warning about local filesystem side effects, untrusted content, or validation of downloaded files. In an automation skill, this can encourage silent retrieval of potentially dangerous or sensitive files and create persistence on disk without clear user awareness.

Missing User Warnings

Medium (91% confidence)
The reference explicitly documents that downloads are automatically allowed and written to `./agent/downloads/` without any user confirmation or file-type restrictions. In a browser automation skill with full network access, this creates a real risk of silent filesystem writes from untrusted sites, enabling delivery of malicious payloads, disk-filling abuse, or downstream processing of unsafe files.

Vague Triggers

Medium (94% confidence)
The skill description is broad enough to match many ordinary browsing-related requests without clear limits on what sites, actions, or data are in scope. In an agent setting, that increases the chance of unintended invocation for sensitive tasks such as logging in, submitting forms, or interacting with user accounts without explicit confirmation.

Vague Triggers

Medium (92% confidence)
The when-to-use section lists many high-level browser actions but does not define prohibited or higher-risk scenarios, making the skill applicable to a very wide class of requests. That ambiguity can cause an agent to invoke browser automation in contexts involving credentials, personal data, financial actions, or other sensitive workflows where stronger guardrails are needed.

Missing User Warnings

Medium (95% confidence)
The skill advertises browser automation and form interaction without warning that these actions may expose credentials, personal information, session data, or trigger irreversible changes on third-party websites. Because browser actions can directly affect real accounts and services, the absence of a user-facing sensitivity warning makes misuse and accidental harm more likely.

VirusTotal

65/65 vendors flagged this skill as clean.
