ClawHub
Back to skill

Security audit

1Password Browser Login

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about using 1Password to log into websites, but it gives an agent broad credential and authenticated-site authority without enough confirmation or scoping.

Install only if you are comfortable letting the agent use 1Password credentials to log into websites for you. Use a narrowly scoped 1Password service account, confirm the exact vault/item/site/action before each run, avoid financial or destructive account actions, and delete sensitive files saved in ./downloads when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger description is broad enough that ordinary user requests like 'help me log into X and do Y' could invoke a skill that retrieves secrets from 1Password and performs external browser automation. That increases the chance of unintended execution on sensitive sites, especially because the skill can enumerate items, fetch credentials, and download data once triggered.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
This skill accesses highly sensitive credentials from 1Password, logs into third-party sites, and may download or exfiltrate content, but its description does not prominently warn about these high-risk capabilities or require explicit user consent. In context, this is more dangerous because the skill has direct access to a service account token-backed secret store and can perform consequential actions on remote services after authentication.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.