Back to skill

Security audit

Clawbrowser

Security checks across malware telemetry and agentic risk

Overview

This skill teaches browser automation with Playwright CLI, and its powerful browser/session features are disclosed and aligned with that purpose.

Install this only if you want an agent to control a browser with Playwright. Prefer isolated or temporary sessions for sensitive work, avoid using run-code or permission changes on third-party or production sites unless explicitly needed, and delete saved sessions, screenshots, PDFs, traces, videos, and snapshots when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The skill explicitly teaches use of `playwright-cli run-code` to execute arbitrary JavaScript in the browser context, which materially expands the capability from browser automation into code injection and in-page state manipulation. In an agent setting, this can be used to exfiltrate page data, alter workflows, bypass intended restrictions, or interact with sensitive browser/session context in ways not obvious from the skill’s stated browsing purpose.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill encourages persistent sessions, saved auth state, screenshots, PDFs, traces, videos, and output to disk, but gives no warning that these artifacts may contain credentials, personal data, session tokens, internal pages, or other sensitive information. In an agent environment, unattended persistence increases the chance of cross-task data leakage, over-retention, and accidental disclosure through stored files or reused sessions.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill documents network inspection, console inspection, permission grants, and helper-script injection without warning that these capabilities can inspect or alter page data and behavior. This is dangerous because it enables deep visibility into requests, tokens, and page internals, and can modify execution context or permissions in ways that exceed normal browsing and may violate user expectations or site boundaries.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.