ClawHub

AutoGLM Toolkit

Security checks across malware telemetry and agentic risk

Overview

This skill is a broad AutoGLM automation toolkit that appears purpose-aligned, but it can act through logged-in browser sessions and reuse them, so users should review it carefully before installing.

Install only if you need AutoGLM/Zhipu browser and research automation and trust the provider and browser extension. Keep auto_approve disabled, use narrow task descriptions, avoid sensitive accounts or private/internal URLs, manually confirm any posting, form submission, purchase, account change, or document edit, and clear or log out of browser sessions after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill advertises browser automation that can log in, fill forms, interact with social media, and persist sessions, but it does not include an explicit user-facing warning about the risk of account changes, purchases, posts, or other irreversible actions. Combined with session reuse and broad task delegation, this increases the chance that users trigger impactful actions without understanding the operational and account-security consequences.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill instructs users to send bearer tokens, app identifiers, timestamps, signatures, and browsing requests to remote APIs without any privacy, retention, or data-handling warning. This is risky because credentials and visited URLs may expose sensitive account information, internal resources, or user activity patterns to a third-party service without informed consent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal