browser-testing

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Playwright browser-testing skill that loads user-supplied URLs to measure performance, layout shift, and theme flicker, with no evidence of hidden collection or unrelated behavior.

Install this only if you want local Playwright-based browser diagnostics. Run it against pages and endpoints you control or are authorized to test, avoid untrusted URLs or sensitive internal/admin endpoints, and remember that flicker screenshots are written under /tmp.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill instructs users to run Playwright/ts-node scripts that make outbound HTTP requests, but the manifest does not declare any corresponding permission or capability boundary. That mismatch can undermine review and user expectations, making it easier for a skill to contact arbitrary URLs or local services without transparent disclosure.

Vague Triggers

Medium
Confidence
75% confidence
Finding
The description uses broad invocation language such as 'VERIFY your changes work' and 'Use BEFORE and AFTER making changes,' which does not clearly limit when the skill should be used. Overly broad triggers can cause an agent to invoke a network-capable testing skill in more situations than intended, increasing unnecessary exposure to local or external targets.

Missing User Warnings

Low
Confidence
89% confidence
Finding
The quick-start instructions tell the user to run scripts against supplied URLs, including pages and API endpoints, without a clear warning that the scripts will actively contact those targets and collect network/performance data. In an agent context, that can lead to unintended requests to internal services, local admin panels, or sensitive endpoints if the URL is substituted carelessly.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The script accepts a user-supplied URL and automatically opens it in a real browser, generating outbound requests to arbitrary destinations and collecting detailed request URLs and performance telemetry. In a browser-testing skill this behavior is expected, but it can still expose internal endpoints, query strings, tokens embedded in URLs, or other sensitive network metadata if used on untrusted or attacker-controlled targets.

VirusTotal

66/66 vendors flagged this skill as clean.
