ClawHub
Back to skill

Security audit

Google AI Mode Search

Security checks across malware telemetry and agentic risk

Overview

This skill appears to provide the advertised Google AI search helper, but it uses sensitive Google session access and a risky Chrome debugging setup that should be reviewed before installation.

Install only if you are comfortable letting the skill use an authenticated Google browser session or exported Google cookies. Prefer a separate Chrome profile or low-risk Google account, protect cookies.json like a password, close the CDP browser when finished, and avoid running the launcher while important Chrome windows or unsaved browser work are open.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill explicitly states it can use locally stored Google cookies, but the documentation does not clearly explain that these cookies may grant access to the user's authenticated Google session and could expose account data if mishandled. In an agent skill context, encouraging users to export and store browser cookies without strong warnings or safeguards increases the risk of credential theft, session hijacking, and unintended access to personal Google resources.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The tool loads authentication cookies from disk and injects them into an automated browser session, effectively reusing live session credentials. If the cookie file is exposed through weak filesystem permissions, backups, logs, or malware, an attacker could hijack the user's authenticated Google session.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script unconditionally force-kills all "Google Chrome" processes with SIGKILL before launching a new instance, which can terminate unrelated user sessions, discard unsaved work, and bypass normal application shutdown safeguards. In the context of also enabling a persistent remote debugging port, this behavior increases risk because it disrupts an actively used browser to replace it with a specially configured debug-enabled instance without user confirmation.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal