ClawHub

Chromium

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a genuine Chromium automation tool, but it needs review because it can reuse logged-in browser sessions, persist account state, and run unsandboxed Chromium for arbitrary browsing.

Install only if you specifically need persistent Chromium automation. Use an isolated machine or container, avoid importing valuable account cookies, keep cookie export files out of shared locations, delete them after import, clear the profile when finished, and be aware that the supplied launcher disables Chromium sandboxing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill exposes meaningful capabilities—environment-variable driven behavior and network/browser access—without any declared permissions boundary. In practice this makes review and policy enforcement harder, and users may invoke a browser session that can reach arbitrary sites and reuse persistent state without clear authorization metadata.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README explicitly instructs users to export authenticated browser cookies from a logged-in browser and import them into the persistent headless Chromium profile. This enables account/session reuse and creates real privacy and account-security risk if the cookie file, profile directory, logs, or host are exposed, especially because the skill is designed around persistent browser state.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The description triggers on very broad requests like 'open a website', 'browse', 'click', or 'work with a browser', which can cause the skill to be selected in many contexts beyond the minimum necessary. Because this skill launches a persistent browser with remote debugging and session reuse, over-broad invocation increases the chance of unintended access to authenticated sessions or unnecessary network activity.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The markdown explicitly promotes a persistent browser profile and cookie import, but it does not warn that cookies, localStorage, and login sessions may persist across tasks and expose sensitive accounts. In this context, the risk is heightened because the skill also enables remote debugging and pre-authenticated browsing, making cross-task session leakage or unintended account actions more plausible.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal