KleinClaw

Security checks across malware telemetry and agentic risk

Overview

KleinClaw is a high-impact but clearly disclosed plugin for managing the user's own Kleinanzeigen listings, with confirmation, approval, and local scoping controls.

Install only if you want an agent to operate real Kleinanzeigen listings and local ad files. Keep adRoots limited to the listing workspace, leave approvalMode set to all, prefer the workspace browser profile unless you intentionally want to reuse local login state, and review every approval prompt before actions that publish, update, delete, download, extend, or edit browser settings.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 83%
Finding
The code connects to a remote Chrome DevTools Protocol endpoint over plain HTTP using plan.remoteHost and plan.remotePort, which can expose the automation session to unintended remote control or data access if the target host is untrusted or attacker-influenced. In this skill context, the risk is elevated because a live browser session can access authenticated pages, cookies, and user activity, and the code provides no validation, allowlist, or explicit disclosure around the remote endpoint.

Missing User Warnings

Medium
Confidence: 88%
Finding
The `webRequest` method performs arbitrary HTTP requests from the browser context to any caller-supplied URL, method, and headers, with no allowlist, user disclosure, or restriction on destination. In an agent skill, this creates a data-exfiltration and SSRF-like primitive that can silently contact external services, send authentication-bearing headers, and interact with internal or sensitive endpoints reachable from the execution environment.

Missing User Warnings

Medium
Confidence: 95%
Finding
The manifest explicitly advertises capabilities to change live listings, edit local browser settings, and run an embedded browser runtime, but it does not present an explicit safety warning, consent boundary, or clear limitation on destructive behavior. In an agent skill context, these are high-risk actions because they can alter user accounts and local environment state, and the 'redacted output' wording may also reduce transparency during review or incident investigation.

Missing User Warnings

Medium
Confidence: 88%
Finding
The package description explicitly states it can 'change live listings', which signals that the skill operates on real marketplace data rather than a sandbox. Without an accompanying warning in this user-visible metadata about mutating production state, users may invoke it without understanding that actions can alter real listings, increasing the risk of accidental destructive or unauthorized changes.

VirusTotal

62/62 vendors flagged this plugin as clean.
