ClawHub

OpenClaw Native Browser

Security checks across malware telemetry and agentic risk

Overview

This is a real browser-automation skill with a coherent purpose, but it asks users to install external code and gives agents access to persistent logged-in web sessions without enough safety boundaries.

Review and pin the external GitHub code before installing. Treat this as a high-privilege browser: use isolated or disposable accounts, avoid sensitive personal logins unless necessary, clear cookies and tabs after use, and only disable built-in web tools if you intend future web tasks to use this persistent browser session.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly promotes login helpers, persistent cookies, and use with authenticated third-party services, but it does not provide clear warnings about handling credentials, session persistence, or the privacy implications of storing authenticated browser state. In an agent context, this increases the chance that users or downstream automations will expose sensitive accounts or reuse sessions without understanding the security tradeoffs.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The examples encourage direct entry of third-party credentials into automation flows without any accompanying warning about account takeover risk, secrets leakage, MFA limitations, or persistent authenticated state. Because the skill also exposes JavaScript execution, DOM access, and cookie persistence, demonstrating login flows without safety guidance normalizes risky use of real credentials in a highly sensitive environment.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal