ClawHub

m5stack-chrome-browser-control

Security checks across malware telemetry and agentic risk

Overview

This skill is a real browser-automation helper, but it gives an agent broad access to the user's logged-in Chrome pages and email without a clear consent gate.

Install only if you intentionally want an agent to control your real Chrome browser. Prefer a separate Chrome profile with only the accounts needed for the task, keep sensitive tabs closed, disable remote debugging when finished, and require explicit approval before the agent reads email, opens private sites, submits forms, posts content, or changes account data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger scenarios are broad enough to overlap with common requests like opening a browser, searching content, or checking mail, which raises the chance that the skill is invoked when the user did not intend to grant browser automation. In this skill, accidental activation is especially risky because it can act on an already-authenticated local Chrome session and expose sensitive web content.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill explicitly supports controlling a local Chrome instance and reading content from already logged-in pages, including Outlook mail, but it does not prominently warn that this can expose private account data, session-authenticated content, and email contents. Because the workflow relies on the user's live browser session, the privacy risk is materially elevated: the agent could access sensitive personal or corporate data without the user fully understanding the scope.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal