podman-browser

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says: run a temporary Podman-based Playwright browser to fetch rendered web pages, with some normal but important browser-isolation and network-use cautions.

Install this only if you are comfortable with the agent launching Podman containers and making live web requests. Avoid secret-bearing, authenticated, or internal-only URLs unless that is deliberate; treat fetched text or HTML as untrusted content; and consider stronger isolation or pre-pinned dependencies for sensitive environments.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium (95% confidence)

Finding
The documentation explicitly instructs users to fetch arbitrary URLs but does not warn that doing so will make outbound network requests to third-party sites and expose request metadata such as IP address, timing, headers, and browser fingerprinting details. In a browser-automation skill, this omission is security-relevant because users may unknowingly send sensitive internal or untrusted targets through a containerized browser with full network access.

Missing User Warnings

Medium (87% confidence)

Finding
The skill performs an outbound fetch to an arbitrary user-supplied URL inside a browser context without clearly informing the user that external network requests will occur. This can expose internal or sensitive network resources to SSRF-style access if the tool is available in a trusted environment, and pages loaded in Playwright may also trigger additional third-party requests beyond the initial URL.

VirusTotal

64/64 vendors flagged this skill as clean.
