Midscene Automations Skills for Browser

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate browser automation skill, but it needs Review because it can control a logged-in Chrome session and active tab without a clear confirmation step.

Install only if you are comfortable with an agent automating browser pages and, in CDP or Bridge mode, potentially seeing and acting inside logged-in Chrome sessions. Prefer isolated Puppeteer mode for general tasks, use a dedicated browser profile for account work, close sensitive tabs before CDP/Bridge use, and use limited-scope model API keys.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill explicitly instructs the agent to connect to and operate the user's existing Chrome session, including cases that rely on preserved login state such as accounts, dashboards, or orders. Without an explicit requirement for informed user consent, scope limitation, or privacy/account-impact warning, this creates a real risk of accessing sensitive session data or performing actions in authenticated contexts the user may not fully appreciate.

Missing User Warnings

Low
Confidence: 82%
Finding
The precheck logic directs the agent to probe local browser-control endpoints and even try opening Chrome before rechecking, which normalizes discovery of automation interfaces without first warning the user that these endpoints enable browser inspection/control. While intended as usability guidance, it can lead to unannounced interaction with sensitive local debugging surfaces and increases the chance of attaching to a real user session unexpectedly.

VirusTotal

64/64 vendors flagged this skill as clean.
