Claude for Safari

Security checks across malware telemetry and agentic risk

Overview

The skill is a Safari automation tool, but it can access a live logged-in browser session and the artifacts do not show strong enough scoping or consent boundaries.

Install only if you intentionally want an agent to operate your real Safari session. Use a separate browser profile or test account where possible, close sensitive tabs first, and require explicit confirmation before it reads page contents, takes screenshots, interacts with accounts, or runs JavaScript on a page.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 95%
Finding
The trigger description is extremely broad for a skill that can control a real logged-in Safari session, take screenshots, read page contents, and inject JavaScript. Overbroad activation increases the chance of unintended invocation on ordinary browsing-related requests, causing the agent to access sensitive tabs, cookies, or authenticated content without the user explicitly intending to grant that level of control.

Missing User Warnings

High
Confidence: 98%
Finding
The skill explicitly states it has full access to the user's real Safari session, including login state, cookies, and open tabs, yet it does not present strong upfront consent boundaries or clear privacy/account-risk warnings before use. In this context, the capability is inherently sensitive because it enables reading authenticated content, interacting with accounts, and potentially exposing private browsing data through screenshots or DOM extraction.

VirusTotal

66/66 vendors flagged this skill as clean.
