ClawHub

Chrome Extension Maintainer

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Chrome extension release-review workflow with clear limits around publishing and no evidence of hidden execution or data misuse.

Before installing, understand that this skill may guide Codex to inspect private extension code, analytics exports, support messages, and public listing/privacy materials you provide. It is not an automated publisher and explicitly requires approval before irreversible or external release actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Memory PoisoningPersistent Context Injection, Context Window Stuffing, Memory Manipulation
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Memory Manipulation

High
Category
Memory Poisoning
Content
- Narrow one-click workflows over broad dashboards.
- `activeTab` and click-triggered scripting over persistent host permissions.
- Local-first output with optional remote improvement only after explicit user action.
- Clear state labels: ready, reading, improving, copied, exported, failed.
- Small versioned releases with one measurable behavior change.
- Locale expansion based on actual language/region usage and support burden.
Confidence
80% confidence
Finding
Clear state

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal