Agent Browser Skipped

Security checks across malware telemetry and agentic risk

Overview

This browser automation skill is coherent and useful, but it gives agents broad access to authenticated browser sessions and saved session data without enough safety guidance.

Install only if you trust the upstream agent-browser package and are comfortable giving an agent broad browser-control authority. Use disposable sessions when possible, avoid sensitive logged-in accounts unless necessary, treat saved state and capture files as secrets, and require confirmation before entering credentials, uploading files, reading cookies/storage, recording sessions, or making account-changing actions.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill explicitly documents saving screenshots/PDFs/videos, uploading local files, and persisting browser state to disk, but it does not warn that these operations read from or write to the local filesystem and may capture authentication tokens, form contents, or other sensitive material. In an agent context, this can lead to unreviewed exfiltration of local files or insecure storage of session artifacts that can later be reused.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill exposes commands for setting credentials, manipulating cookies and storage, recording sessions, inspecting network requests, and adding headers without any privacy or secret-handling warning. These features can reveal or persist highly sensitive data including passwords, bearer tokens, cookies, PII in traffic, and recorded on-screen secrets, which is especially risky for autonomous agents operating on authenticated sites.

VirusTotal

66/66 vendors flagged this skill as clean.
