ClawHub

Headful Browser (VNC)

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed remote browser automation skill, but it can expose live browser sessions and save login cookies or page data to disk with limited built-in containment.

Install only in an isolated VM or container, use a dedicated browser profile, bind VNC and debugging ports to localhost behind SSH tunneling or firewall rules, log in only to accounts intended for the task, treat exported cookies like passwords, review any auto-install command before allowing it, and delete browser profiles and output artifacts promptly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The help text claims privileged package-manager commands require the --auto-install flag, but the code also honors the AUTO_INSTALL environment variable. This can mislead operators into believing execution is disabled when an inherited environment variable could still permit package installation after prompt confirmation.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This script exports all browser cookies obtained over the Chrome DevTools Protocol and writes them to a plaintext JSON file on disk with no confirmation, scoping, or protection. Because cookies often contain authenticated session tokens, anyone with access to the output directory or downstream artifacts can reuse them to hijack logged-in sessions, and this skill's stated purpose explicitly includes cookie export, which makes the risk more concrete rather than hypothetical.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This script writes full page HTML and browser cookies to disk after visiting an arbitrary URL, which can expose session tokens, authenticated content, CSRF secrets, and other sensitive data to any process or user with access to the output directory. In the context of a headful browser skill that explicitly exports Chrome/CDP artifacts, this is more dangerous because the browser may be attached to an already-authenticated session, turning the export into a credential and data exfiltration mechanism.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal