ClawHub

Remote Browser Deploy

Security checks across malware telemetry and agentic risk

Overview

The skill does what it claims, but it asks for broad system privileges and exposes a persistent remote browser service that users should review carefully before installing.

Install only on a machine or VM you are comfortable administering. Avoid public internet exposure of port 6080 unless you add stronger controls such as a firewall allowlist, VPN, SSH tunnel, TLS/authenticated proxy, and a stronger password. Do not grant blanket passwordless sudo unless you understand the risk and remove it immediately after setup. Expect persistent system services and a browser profile under /root until you disable or remove them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The skill explicitly instructs granting the current user `NOPASSWD: ALL` via `/etc/sudoers.d`, which is a full, system-wide privilege escalation far beyond what is required to deploy a browser stack. Even if described as temporary, this creates a high-risk window where any subsequent command run by the agent or user can execute as root without friction, greatly amplifying impact from mistakes or compromise.

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
The Windows troubleshooting guidance tells the agent to forcibly terminate all Edge and Chrome processes with `taskkill /F`, which can kill unrelated user browsing sessions, destroy unsaved work, and disrupt other applications using embedded browser processes. This exceeds the minimum necessary action for the stated goal and gives the skill unnecessary destructive capability over user applications.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs opening port 6080 and exposing a remote desktop-style browser session, but the security implications are underemphasized relative to the operational instructions. This service can expose live authenticated sessions, page contents, and manual login/verification actions to anyone who obtains network access and the weak VNC password, especially when combined with port forwarding or cloud exposure.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal