Webapp Testing Anthropic

Security checks across malware telemetry and agentic risk

Overview

This webapp-testing skill appears useful, but it needs review because it can run local shell commands and save sensitive browser artifacts without clear safety boundaries.

Review before installing. Use it only for projects and server commands you trust, avoid running commands derived from untrusted input, and avoid capturing full-page screenshots, DOM dumps, or raw console logs from authenticated or production-like sessions unless you have a plan to redact and delete them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
print(f"Starting server {i+1}/{len(servers)}: {server['cmd']}")

# Use shell=True to support commands with cd and &&
process = subprocess.Popen(
    server['cmd'],
    shell=True,
    stdout=subprocess.PIPE,
Confidence
98% confidence
Finding
process = subprocess.Popen( server['cmd'], shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE )

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill instructs the agent to invoke shell commands and run helper scripts that can start arbitrary local servers, but it declares no permissions or safety boundaries. This creates a capability mismatch that can mislead operators and downstream policy systems, increasing the chance of unintended command execution, file creation, or interaction with untrusted local applications.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill encourages capturing screenshots and browser logs during testing without warning that these artifacts may contain credentials, personal data, session tokens, or internal application details. In a local webapp-testing context, this is especially relevant because developers often test against staging-like data or authenticated sessions.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The reconnaissance instructions explicitly tell users to save full-page screenshots and dump rendered page content, which can expose sensitive UI state, secrets embedded in the DOM, CSRF tokens, personal data, or proprietary content. Because this step is framed as a normal inspection workflow without safeguards, it increases the likelihood of unnecessary data collection and leakage.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This example persists raw browser console output to a file under /mnt/user-data/outputs without any filtering, minimization, or warning to the user. Console logs often contain sensitive data such as tokens, PII, stack traces, internal URLs, or application secrets, so writing them to disk can create unintended retention and later disclosure risk.

VirusTotal

64/64 vendors flagged this skill as clean.
