ClawHub

Browser Use

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate browser automation skill, but it gives agents broad access to logged-in browser sessions, cookies, cloud profile syncing, public tunnels, and raw browser internals without enough scoping or warnings.

Install only if you need a powerful browser automation bridge and trust the external browser-use CLI. Prefer isolated or throwaway browser profiles, avoid syncing profiles to cloud, do not export or print cookies unless you explicitly intend to handle session secrets, confirm any file upload/account-changing action, and stop tunnels plus close browser sessions when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The tunnel commands expose a local port to a public Cloudflare URL, which materially expands the skill from browser automation into internet-facing service publication. In an agent context, this can unintentionally publish development apps, admin panels, or other localhost-only services and create remote attack surface or data exposure without explicit user understanding.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The cloud v2/v3 passthrough permits arbitrary REST calls beyond normal page interaction, effectively broadening capability to unspecified remote operations. That mismatch increases the chance an agent can invoke privileged or unexpected cloud-side actions not obvious from the skill's stated browser automation purpose.

Context-Inappropriate Capability

High
Confidence
95% confidence
Finding
Profile sync to the cloud can transfer local browser profiles, which may contain authenticated session data, cookies, browsing history, and other sensitive artifacts. This goes well beyond simple browser control and creates a serious confidentiality risk if users or agents invoke it without understanding the data being uploaded.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation encourages connecting to a user's existing Chrome and preserving logins/cookies without an equally prominent warning about access to live authenticated sessions and sensitive browser state. In agent-driven use, that omission can lead to unintentional interaction with private accounts, session data, or confidential internal resources.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation explicitly shows how to retrieve browser cookies through raw CDP and print them, but it does not include any warning, scope restriction, or guidance about handling sensitive session data. In a browser automation skill, this materially lowers the barrier to extracting authentication tokens or session identifiers from arbitrary sites, which could enable account takeover or unauthorized access if misused.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal