Back to skill

Security audit

QQBrowserUse

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Ziniao Browser control skill that can take real browser actions, so it is acceptable when used only for intentional Ziniao automation.

Install only if you want OpenClaw to operate Ziniao Browser. Keep ZCLAW_BASE_URL pointed at a trusted bridge, protect ~/.zclaw/config.json, and require explicit user confirmation before purchases, form submissions, account changes, downloads, or page-script actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The documentation claims file access is limited to temporary directories, but it also states downloads may be saved to a user-specified path. That inconsistency can mislead users and policy engines about the actual write scope, enabling broader filesystem writes than advertised.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The statement that the skill does not access or modify files outside designated directories is contradicted by the documented ability to save downloads to user-specified paths. This creates a trust and security boundary mismatch that could permit unexpected writes to sensitive locations.

Scope Creep

High
Confidence
98% confidence
Finding
The declared filesystem permission suggests only temporary-directory access, while the skill behavior allows writing downloaded content to arbitrary user-specified paths. In a browser automation skill that fetches remote content, this materially increases the risk of placing untrusted files anywhere the process can write.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The activation condition is broad enough that an agent may invoke full browser automation for many website-related tasks without narrowing to read-only or low-risk operations. Because this skill can click, submit forms, download files, and execute page JavaScript, overbroad routing increases the chance of unintended side effects.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The workflow guidance encourages navigation, input, clicking, and form interaction without a clear warning that these actions can submit data or trigger real-world side effects on websites. In an agent setting, missing safety guidance makes accidental purchases, submissions, account changes, or consent actions more likely.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.