Security audit

Agent Browser Clawdbot Rose

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Playwright browser automation skill, but its browser-session features can expose login data if used carelessly.

Use this skill only for trusted browser automation. Prefer isolated or in-memory sessions, avoid attaching personal browser profiles unless explicitly needed, do not print or share raw cookies/storage values, and treat saved auth-state files like passwords.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill explicitly recommends saving and loading browser auth state but does not warn that these files can contain session cookies, tokens, and other authenticated state that may grant account access if copied or reused. In an agent-oriented skill, this is more dangerous because automation may persist, move, or expose these files across tasks, users, or logs without the operator recognizing their sensitivity.

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The documented cookies and storage commands enable direct access to browser-held secrets and user data, but the skill provides no warning about sensitivity, redaction, or safe handling. This is risky in an AI-agent context because retrieved cookie or localStorage values may be surfaced in outputs, logs, or downstream tools, potentially exposing session tokens or personal data.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.