web-collection

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real browser collection helper, but it gives the agent broad local execution and credential-handling authority that users should review before installing.

Install only if you trust the publisher and need this exact local/cloud browser-collection workflow. Prefer local mode when possible, avoid persisting cloud tokens unless you accept plaintext local-file storage, do not let untrusted text control --bridge-cmd or WEB_COLLECTION_BRIDGE_CMD, use a scoped/rotatable API token, and consider a separate Chrome profile for sensitive browsing sessions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
The script automatically sources an admin token from an environment variable or a predictable local file and then attaches it to requests. This broadens the skill from simple collection into privileged local administration, and if the script is invoked in an untrusted workflow it can silently exercise admin APIs with elevated authority.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The script explicitly accepts and persists `defaultCloudToken` and `defaultCloudDeviceId` into a JSON preferences file under the user's state directory, with no encryption, permission hardening, or use of a secret store. If the local account, backups, logs, or synced dotfiles are exposed, cloud authentication material can be recovered and reused to access the connected service.

Missing User Warnings

Medium
Confidence: 96%
Finding
Cloud mode sends collection requests, device identifiers, and bearer tokens to a remote backend, yet the skill text does not require a clear user-facing disclosure that data is being transmitted to an external service. Because collected browser/plugin data may contain sensitive content, this creates a meaningful privacy and credential-handling risk in the exact context of this skill.

Missing User Warnings

Medium
Confidence: 98%
Finding
The script executes a user-controlled string via 'nohup bash -lc "$BRIDGE_CMD"', which is direct shell command execution. If an attacker can influence the argument, configuration, or upstream task parameters, this becomes arbitrary local code execution with the privileges of the user running the script.

Missing User Warnings

Medium
Confidence: 86%
Finding
In cloud mode, the script forwards both collection payloads and bearer credentials to a remote service endpoint, but there is no explicit consent boundary, transmission warning, or host allowlisting in this entrypoint. In the context of a collection skill that can gather platform data and route it off-host, silent remote dispatch increases the risk of unintended data disclosure and credential misuse if users misconfigure the base URL or do not realize cloud mode transmits sensitive data externally.

VirusTotal

VirusTotal findings are pending for this skill version.
