ClawHub

browser-cli

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate browser automation skill, but it gives agents access to live browser sessions, cookies, cloud profile sync, and public localhost tunnels without enough safety warnings or scoping guidance.

Install only if you need high-trust browser automation and trust the browser-use installer, package, and cloud service. Prefer isolated test browser profiles and test accounts, avoid syncing personal or privileged Chrome profiles, treat exported cookies as secrets, do not expose local admin/debug services through tunnels, and close browser sessions and tunnels when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill documents connecting to real Chrome profiles, cloud browsers, and API-backed browser sessions without warning that these modes can expose authenticated sessions, browsing data, extensions, and other privacy-sensitive material. In a browser automation skill, this omission is materially risky because users may unknowingly run automation against live personal accounts or remote infrastructure.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
Cookie export/import and profile sync features handle authentication artifacts that can directly enable session hijacking if copied, stored insecurely, or transferred to cloud services. The skill presents these capabilities as routine operations without warning that cookie JSON files and synced profiles should be treated like credentials.

Missing User Warnings

High
Confidence
98% confidence
Finding
The tunnel feature publicly exposes a local service over HTTPS, which can unintentionally make development servers, admin panels, debug endpoints, or unauthenticated APIs reachable from the internet. In this skill, the example flow normalizes exposing localhost without any warning about access controls, secrets, or limiting exposure duration.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal