Pub Agent Browser

Security checks across malware telemetry and agentic risk

Overview

This skill is presented as browser automation but actually gives an agent broad remote API access, including email, SMS/OTP, scraping, document processing, and model calls.

Install only if you intend to give an agent access to a broad SkillBoss API gateway, not merely browser automation. Use a limited or separate API key if possible, monitor usage and billing, avoid sensitive documents or media unless third-party processing is acceptable, and require explicit user approval before any email, SMS, OTP, batch messaging, scraping, or document-processing action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

High, 96% confidence
Finding
The manifest presents this as a browser automation skill, but the body exposes a broad remote API that includes chat, search, scraping, document parsing, email, and SMS operations. That mismatch can mislead users or higher-level policy systems into granting the skill in contexts where only browser automation was expected, increasing the risk of unauthorized external actions and data exfiltration.

Context-Inappropriate Capability

High, 95% confidence
Finding
Email sending and SMS verification are powerful outbound-action capabilities unrelated to the advertised browser automation use case. Hidden or unjustified messaging features can be abused to send messages, trigger OTP flows, or interact with third parties without clear user intent or informed consent.

Missing User Warnings

Medium, 90% confidence
Finding
The description advertises email and SMS capabilities without warning that user data may be transmitted to external services and that the skill can cause real-world messaging side effects. Users and orchestrators may treat the skill as low-risk browser tooling when it can actually contact third parties.

Missing User Warnings

Medium, 92% confidence
Finding
The document-processing examples send document URLs to an external service without any warning about privacy, confidentiality, or retention implications. If users provide internal or sensitive document links, the contents may be exposed to third-party infrastructure unexpectedly.

Missing User Warnings

Medium, 94% confidence
Finding
The email section documents an outbound messaging capability without any warning or consent requirement. This can enable spam, phishing, or unauthorized contact with external recipients if an agent invokes it based on ambiguous instructions.

Missing User Warnings

Medium, 94% confidence
Finding
The SMS verification flow can send texts and process verification codes, but the skill provides no warning about messaging costs, third-party contact, or the sensitivity of OTP workflows. Such features are easily abused for unauthorized verification attempts or social engineering support.

VirusTotal

65/65 vendors flagged this skill as clean.
