ClawHub

CamoFox MCP

Security checks across malware telemetry and agentic risk

Overview

This skill is a powerful stealth browser controller that is mostly disclosed, but it pins a vulnerable external MCP server and exposes sensitive session and file actions without enough guardrails.

Install only if you intentionally need stealth browser automation for systems you are authorized to automate. Prefer upgrading the runtime to camofox-mcp 1.13.2 or newer, keep the MCP endpoint bound to localhost or otherwise authenticated, avoid importing personal or production cookies, use disposable profiles, and require explicit confirmation before submissions, bulk actions, downloads, or deletions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill explicitly exposes download retrieval and deletion capabilities, but the description does not warn users that files may be deleted from disk or that downloaded content may be returned inline. In an agent setting, missing warnings materially increase the chance of unintended destructive actions or unsafe handling of sensitive downloaded data.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill includes cookie import, profile save/load, and session-closing features that can affect authenticated browser state, yet the description does not warn that these operations may access, persist, overwrite, or terminate logged-in sessions. In a stealth browser automation context, that omission is more dangerous because the skill is designed to operate on hostile or protected sites and can be used against valuable authenticated accounts.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The manifest exposes high-risk capabilities including cookie import/export-style profile handling and download deletion, but provides no warning, consent language, or guardrails around sensitive session material and destructive actions. In an anti-detection browser automation skill, these features materially increase the chance of covert session hijacking, misuse of authenticated cookies, or silent deletion of artifacts without the operator appreciating the risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal