Browser Research Lite

Security checks across malware telemetry and agentic risk

Overview

This browser-research helper is not malicious, but it quietly reads recent local OpenClaw session logs to decide whether the browser is available.

Install only if you are comfortable with the skill running local code, invoking the OpenClaw CLI from PATH, and reading recent OpenClaw session-log tails for browser availability signals. There is no evidence of malware or data exfiltration, but the local session-log access should be disclosed more clearly.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration

Findings (3)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 86% confidence
Finding: The skill invokes a shell command and directs the agent to run a local Python script, but the manifest does not declare those capabilities. Hidden file-read and shell behaviors reduce transparency and can bypass user or platform expectations about what the skill is allowed to do. In this context, the risk is amplified because the skill is framed as simple browser research while also performing local environment inspection.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 92% confidence
Finding: The skill's stated purpose is web research, but the described behavior includes local session inspection and external diagnostic commands unrelated to gathering web evidence. This mismatch is dangerous because reviewers and users may approve a seemingly low-risk research skill that actually probes the local agent environment, creating opportunity for unintended data exposure or privilege expansion. The skill context makes this more dangerous, not less, because a research-oriented skill should not need opaque local diagnostics to fulfill its core function.

Context-Inappropriate Capability

Medium

Confidence: 88% confidence
Finding: The script inspects local session logs under the user's home directory and infers browser/tool availability from prior agent activity. In a skill advertised as lightweight browser-based research, this expands scope into local behavioral telemetry collection, which can expose sensitive prompts, tool usage patterns, and environment state beyond what is necessary for web research.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal