Browser Js

Security checks across malware telemetry and agentic risk

Overview

This is a real browser automation skill, but it gives an agent broad control over signed-in browser sessions, uploads, iframe clicks, and page JavaScript without clear approval boundaries.

Install only if you are comfortable giving the agent CDP-level control of a browser. Use a separate non-sensitive browser profile, keep the debugging port bound to localhost, and require explicit approval before uploads, purchases, account changes, OAuth/payment/captcha interactions, public posts, or eval commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium, 93% confidence
Finding
The documentation explicitly promotes coordinate-based interaction with cross-origin iframes for captchas, payment forms, and OAuth widgets. That materially expands the skill from ordinary browsing into flows that can trigger security-sensitive actions in embedded third-party contexts, potentially bypassing normal agent safeguards and enabling unauthorized account linking, payment submission, or anti-bot circumvention.

Missing User Warnings

Medium, 91% confidence
Finding
The skill advertises direct local file upload into websites via CDP without a prominent warning that local files will be transmitted to external services. In an agent setting, this creates a realistic risk of unintended exfiltration of sensitive local data if a path is chosen or inferred incorrectly, especially because signed-in browser sessions carry over automatically.

Missing User Warnings

Medium, 84% confidence
Finding
`eval <js>` allows arbitrary JavaScript execution in the page context, but the documentation does not warn about side effects such as form submission, state changes, data extraction, or triggering privileged actions in authenticated sessions. In context, this is more dangerous because the tool is designed to operate against the user's existing browser profile, so page-context code can act within already logged-in sites.

VirusTotal

66/66 vendors flagged this skill as clean.
