Agent Browser Assistant

Security checks across malware telemetry and agentic risk

Overview

This browser automation skill is not deceptive or executable, but it gives an agent broad control over logged-in browsing, forms, uploads, exports, and scraping without clear user-confirmation limits.

Install only if you are comfortable giving an agent broad browser-control ability. Prefer the default sandbox profile, avoid profile="user" on sensitive accounts, and require explicit confirmation before submitting forms, accepting dialogs, uploading files, exporting private pages, scraping at scale, posting content, making purchases, or changing account settings.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium (87% confidence)
Finding
The skill is framed in very broad terms for browser automation, scraping, form filling, login authentication, and batch operations without clear task-boundary constraints, approval requirements, or sensitive-action guardrails. That can cause an agent to invoke it in situations involving authenticated sessions, destructive UI actions, or collection of sensitive web data beyond user intent.

Missing User Warnings

Medium (93% confidence)
Finding
The documentation actively enables sensitive browser behaviors such as credential entry, login reuse via profile="user", scraping page contents, executing page-side evaluation code, file upload, PDF export, and clicking/submitting forms, but it provides no warnings about privacy, credential handling, consent, or external side effects. In an agent setting, this increases the risk of unauthorized data extraction, account misuse, unintended transactions, or disclosure of local and session-based information.

VirusTotal

63/63 vendors flagged this skill as clean.
