ClawHub

OpenBrowser

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real browser-automation skill, but it gives an agent high-impact browser and account authority without enough clear safety boundaries.

Review carefully before installing. Use it only with a browser/profile you are comfortable automating, avoid sensitive logged-in accounts unless necessary, and require explicit confirmation before purchases, submissions, deletions, account changes, public posts, or other state-changing actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This skill enables live browser automation against arbitrary websites and potentially authenticated sessions, yet it does not prominently warn that actions may click buttons, submit forms, or modify account/data state. In this context, the absence of consent and safety boundaries increases the risk of unintended destructive or privacy-impacting actions during normal use.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The provided installation test performs a real GitHub 'star' operation, which changes the user's account state, without clearly warning that it is not a read-only check. Because the browser may already be logged in, this can silently trigger authenticated actions and normalize unsafe testing practices.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The setup guide instructs users to run a sequence of shell commands that clone code from the internet, install dependencies, build an extension, and start a local server, but it does not explicitly warn that these commands execute arbitrary project code and modify the local system. In a skill context, this increases risk because users may treat the instructions as trusted automation and run them without reviewing the repository or understanding the side effects.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The script sends arbitrary task text, working-directory context, and browser capability identifiers to an HTTP service and then prints server-sent content back to the user, but it provides no explicit disclosure or confirmation that potentially sensitive instructions or data may be transmitted. In this skill context, tasks may contain secrets, internal URLs, file paths, or operational instructions, so silent transmission increases the chance of unintended data exposure.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal