opencli Browser Automation

Security checks across malware telemetry and agentic risk

Overview

This is a real browser-automation skill, but it grants broad control over logged-in browser sessions without enough scoping, privacy warnings, or install-source assurance.

Install only if you trust the separate opencli extension and are comfortable giving automation control over a logged-in browser. Prefer a dedicated low-privilege browser profile, avoid sensitive accounts, review every eval/generated command before running it, and disable the extension or daemon when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
The skill explicitly documents AI-driven exploration that discovers site APIs and storage structures, which expands the capability from ordinary UI automation into reconnaissance of internal application behavior. In the context of logged-in browser reuse, this can expose sensitive endpoints, tokens, local storage contents, or undocumented interfaces that should not be broadly enumerated by a generic automation skill.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill instructs users to extract `document.body.innerText` and take screenshots from logged-in sessions, which can capture private conversations, personal data, account information, or other sensitive page content in bulk. Because the skill is designed to reuse an already authenticated real browser profile, the data exposed is likely to be high-value and tied to the user's live accounts.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill promotes operating against sites using existing logged-in browser sessions and cookies but does not clearly warn that this exposes authenticated account context to automation commands. In practice, this makes every subsequent action run with the user's real privileges, increasing the risk of privacy loss, unintended account actions, or extraction of protected content.

Ssd 3

Medium
Confidence: 96%
Finding
The instructions explicitly recommend pulling complete text from logged-in chat pages, creating a straightforward data exfiltration pattern for sensitive natural-language content. Chat transcripts often contain personal information, secrets, proprietary text, or credentials, so bulk extraction from authenticated sessions is especially dangerous.

Ssd 3

Medium
Confidence: 94%
Finding
Generic guidance to retrieve complete dialogue text from chat pages normalizes bulk collection of conversational content and creates a reusable leakage pattern across many sites. Even without overt malicious intent, this increases the chance that sensitive user or third-party content is copied, stored, or transmitted unnecessarily.

VirusTotal

VirusTotal findings are pending for this skill version.
