computer-use-skill

Security checks across malware telemetry and agentic risk

Overview

This browser-automation skill is not clearly malicious, but it forwards broad user tasks to a remote CUA workflow without enough limits or safety guidance for sensitive actions.

Review before installing. Use only for explicit browser tasks you are comfortable sending to the CUA provider, and require separate confirmation before logins, purchases, account changes, uploads, or public posts. Verify the missing Python wrapper, SDK source, and dependency setup before running any referenced command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 93%
Finding
The invocation description says to use this skill whenever a user requires the remote browser to do anything, which is excessively broad and can cause the skill to activate for many common requests without sufficient gating. In a pass-through browser automation skill, overbroad triggering increases the chance of unsafe browsing actions, unreviewed external interactions, and accidental handling of sensitive tasks.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill explicitly states that it operates in pass-through mode and transmits tasks directly to CUA without modification, but it does not warn users that their instructions may be sent to a remote browser automation system. This is dangerous because users may unknowingly submit sensitive data, and direct transmission reduces opportunities for safety filtering, redaction, or confirmation before external execution.

Missing User Warnings

Medium
Confidence: 97%
Finding
Including an example that says to enter a username and password on a login page normalizes credential handling in a pass-through remote browser workflow without any safety warning. That can lead operators or users to provide secrets directly to the automation channel, creating substantial risk of credential disclosure, misuse, or execution against phishing or unintended sites.

VirusTotal

66/66 vendors flagged this skill as clean.
