Arise Browser

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate browser automation skill, but it exposes powerful browser-session controls that users should review carefully before installing.

Install only if you are comfortable running a local service that can control a browser session. Use a dedicated fresh profile, set ARISE_BROWSER_TOKEN, keep API/live-view ports local and unforwarded, avoid sensitive logged-in accounts, review any /evaluate or cookie use, and stop the daemon when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The /evaluate endpoint permits arbitrary JavaScript execution in the page context, which is a powerful capability that can read page state, manipulate DOM content, trigger actions, and access data available to the current origin. In a browser-automation skill, this materially increases risk because an agent or any local caller could bypass the safer snap/act model and interact with authenticated sessions or sensitive pages in unintended ways.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill explicitly states the agent is controlling a real Chrome browser and provides instructions for logging into pages, navigating, clicking, and typing, but it does not warn that these actions can affect live accounts, submit forms, make purchases, or expose sensitive session data. In an agent setting, this omission materially increases the risk of unintended real-world actions because the skill encourages operation as if a human were directly driving a live browser session.

Missing User Warnings

Medium
Confidence: 91%
Finding
The cookies endpoints expose direct access to browser session material and allow modification of cookies, which can enable session theft, impersonation, or tampering with authenticated state if the local service is reachable by an untrusted process. In this skill context, the danger is elevated because the browser is likely logged into user accounts, making cookie access equivalent to access to those sessions.

Missing User Warnings

Medium
Confidence: 93%
Finding
Documenting arbitrary page-context JavaScript execution without any safety guidance normalizes a highly dangerous primitive that can alter page behavior and extract sensitive data from active sessions. In practice, the core issue is not merely missing warning text but the exposure of this capability itself, especially on a localhost service that may be callable by other local software.

VirusTotal

VirusTotal findings are pending for this skill version.
