Claw Browser Automation

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate browser-automation skill, but it gives agents broad control over web sessions and saved auth data without enough safety boundaries.

Install only if you trust the upstream agent-browser package and are comfortable giving an agent browser-session control. Prefer test accounts or isolated browser profiles, require manual approval for uploads, purchases, account changes, or public posts, and protect or delete saved auth state, cookies, screenshots, PDFs, videos, and traces after use.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill documents recording, screenshots, PDFs, traces, and saved browser state without warning that these commands persist potentially sensitive artifacts to disk. In a browser-automation skill, those files can contain session cookies, authenticated page content, tokens, form data, and other secrets that may later be read, exfiltrated, or committed accidentally.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill exposes commands for setting credentials, reading and modifying cookies, and accessing localStorage without any privacy or security guidance. In the context of an agent-controlled browser, these capabilities enable access to highly sensitive authentication material and user data, increasing the risk of credential theft, session hijacking, and unauthorized persistence.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal