Agent Browser

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate browser automation skill, but it gives agents broad control over websites, login sessions, saved browser state, recordings, and network behavior with important safeguards left to the user.

Install only if you need supervised browser automation and are comfortable giving an agent website-action authority. Use a dedicated browser profile or test account, avoid importing your main Chrome session, enable domain allowlists and action policies, treat auth-state files, recordings, traces, HARs, screenshots, and proxy credentials as sensitive, and delete saved state when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Vague Triggers

Medium
Confidence: 91%
Finding
The skill description and trigger list are extremely broad, covering almost any website interaction such as opening sites, logging in, scraping, or testing apps. In an agentic environment, this increases the chance the browser tool is invoked for ambiguous requests, causing unintended navigation, data disclosure to third-party sites, or execution of risky web actions without sufficiently narrow user intent.

Missing User Warnings

Medium
Confidence: 95%
Finding
The documentation does not clearly warn that using this skill may send prompts, entered data, cookies, clipboard contents, downloaded files, or browser-derived state to remote websites and services. Because the tool explicitly supports login, state import/export, clipboard access, downloads, and navigation without restrictions by default, users and higher-level agents may unknowingly expose sensitive information.

Missing User Warnings

Medium
Confidence: 90%
Finding
The documentation instructs users to save Chrome performance traces to JSON files but does not warn that trace output can include sensitive runtime details such as visited URLs, timing of user actions, page structure hints, and potentially data derived from authenticated sessions or locally loaded content. In a browser-automation skill, this omission is more dangerous because agents may profile logged-in workflows, internal apps, or local file interactions and then persist those traces to disk where they can be mishandled or exfiltrated.

Missing User Warnings

Medium
Confidence: 90%
Finding
The documentation shows proxy URLs with embedded usernames and passwords in environment variables and command examples. This is dangerous because such credentials can be exposed through shell history, process listings, terminal logs, screenshots, CI logs, and copied snippets, and users may imitate the insecure pattern in real environments. In a browser automation skill, proxy use is common, so these examples are especially likely to be reused directly.

Missing User Warnings

Medium
Confidence: 96%
Finding
This documentation promotes recording browser sessions and screenshots but never warns that videos may capture credentials, session cookies, personal data, internal dashboards, or other sensitive page content. In the context of an agent browser automation skill, this is more dangerous because the documented use cases explicitly include login flows, CI artifacts, and debugging, all of which commonly expose secrets and private data that could then be stored insecurely or shared broadly.

Session Persistence

Medium
Category: Rogue Agent
Content
### Load Session State

```bash
# Restore saved state
agent-browser state load /path/to/auth-state.json

# Continue with authenticated session
```
Confidence: 90%
Finding
Restore saved state

VirusTotal

62/62 vendors flagged this skill as clean.
