Web Browsing

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward web-browsing skill that makes expected outbound web requests, with privacy and internal-URL cautions users should understand before use.

Use this skill for public web searches and public webpages. Do not give it secrets, credential-bearing URLs, private customer data, internal hostnames, localhost links, or cloud metadata addresses unless you intentionally want the agent environment to request them. If running the helper script directly, install its Python dependencies only from trusted sources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium (83% confidence)
Finding
The invocation description is broad enough to match many common requests involving websites, URLs, or current information. That increases the chance of over-triggering the skill and sending user queries to external web/search tools when the user may not expect browsing or when a safer non-network response would suffice.

Missing User Warnings

Medium (95% confidence)
Finding
The skill encourages users to provide URLs and search queries but does not warn that this information will be sent to external websites or search services. This can expose sensitive user inputs, internal URLs, or confidential research topics to third parties without informed consent.

Missing User Warnings

Medium (95% confidence)
Finding
The function fetches arbitrary user-supplied URLs and follows redirects without any scheme, host, or IP-range validation. In an agent/runtime environment, this can enable SSRF-like behavior, allowing access to internal services, cloud metadata endpoints, localhost resources, or redirected destinations that were not intended to be reachable.

VirusTotal

64/64 vendors flagged this skill as clean.
