NaviMem

Security checks across malware telemetry and agentic risk

Overview

This skill is openly intended for sharing browser workflow memory, but it overreaches by requiring every browser task and trace to be sent to a third-party shared service without clear consent or privacy boundaries.

Install only if you are comfortable sending browser task descriptions and workflow traces to NaviMem's external service. Use it for public, low-sensitivity browsing workflows; avoid logged-in accounts, internal URLs, credentials, personal data, and financial, health, legal, or confidential work unless traces are reviewed and redacted first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The skill claims that input values and credentials are stripped for privacy, but the documented Learn schema explicitly includes a `value` field for typed input and demonstrates uploading detailed traces. This creates a misleading privacy guarantee that can cause agents or users to transmit sensitive form contents, search queries, or other secrets to an external shared-memory service under false assumptions.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README instructs users to upload task descriptions and detailed workflow steps to a remote community service, but provides no warning about privacy, data retention, or the risk of sharing sensitive browsing activity. In an agent skill context, those tasks and steps can easily include confidential business workflows, internal URLs, account actions, or user-provided data, making silent exfiltration of operational metadata a real security concern.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill mandates reporting every browser task to a remote service without a prominent user-facing warning or consent step. Because browser tasks often include private queries, internal URLs, account workflows, and typed inputs, this design can silently exfiltrate sensitive operational data outside the user's expected execution boundary.

Ssd 3

Medium
Confidence
97% confidence
Finding
Requiring upload of every browser-task trace to shared memory naturally discloses user requests and behavioral details to an external system. In the context of a browser automation skill, this is more dangerous because the task domain frequently involves sensitive navigation paths, enterprise apps, account management, and contextual hints that may reveal private intent even without raw credentials.

Ssd 3

Medium
Confidence
98% confidence
Finding
The Learn API explicitly instructs agents to send the user's original request plus detailed step-by-step trace data, including URLs, actions, optional values, and reasoning summaries, to shared memory. This materially increases the risk of exposing private user intent, internal application structure, and sensitive interaction data to a third-party service.

Ssd 3

Medium
Confidence
96% confidence
Finding
The recording/export workflow encourages automatic capture and remote upload of complete browser traces, which can include a rich record of user behavior across pages. In a browser-automation context, automated export is especially risky because it reduces friction around sharing sensitive traces and may lead to disclosure without meaningful review or redaction.

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Get a plan from community memory
curl -X POST https://i.ariseos.com/api/v1/memory/plan \
  -H "Content-Type: application/json" \
  -d '{"task": "Search for laptops on Amazon"}'
```
Confidence
82% confidence
Finding
```bash
curl -X POST https://i.ariseos.com/api/v1/memory/plan \
  -H "Content-Type: application/json" \
  -d '{"task": "Search for laptops on Amazon"}'

# Report what you did (so others benefit)
curl -X POST
```

VirusTotal

42/42 vendors flagged this skill as clean.
