ziniao-webdriver-doc

Security checks across malware telemetry and agentic risk

Overview

This is documentation for Ziniao browser automation, but it needs review because it guides credentialed browser control, process killing, and executable downloads without enough safety guardrails.

Review this carefully before installing. Treat it as reference material for trusted Ziniao automation only: keep the WebDriver service bound to localhost unless you deliberately secure remote access, use a dedicated low-privilege automation account, keep passwords out of prompts/logs/source control, verify any downloaded driver or demo code before running it, and avoid force-killing processes or clearing cache unless you understand the session and data-loss impact.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Description-Behavior Mismatch

Medium
Confidence: 89%
Finding
The skill metadata says it should be used for understanding interfaces, architecture, and integration planning rather than concrete automation scripting, yet this section provides directly runnable Selenium and ChromeDriver automation code. That materially expands the skill from documentation into operational automation enablement, increasing the chance that users execute browser control workflows with credentials and remote downloads in contexts not intended by the manifest.

Description-Behavior Mismatch

Medium
Confidence: 81%
Finding
Listing business-task automation examples such as order retrieval, report downloads, and review export pushes the skill beyond design discussion into concrete operational use cases. In this context, those examples can facilitate automation of sensitive business workflows and normalize use of the skill for live account actions despite the declared non-execution scope.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill includes forceful process-termination commands (`Stop-Process -Force`, `pkill -f`) that can kill matching processes without explaining risks such as data loss, interruption of unrelated sessions, or overbroad matching. In a documentation skill, this is dangerous because users may copy-paste the commands directly, and the `-match 'ziniao|ZiNiao'` / `pkill -f ziniao` patterns may terminate more processes than intended.

Missing User Warnings

Medium
Confidence: 90%
Finding
The documentation repeatedly instructs callers to provide `company/username/password` on multiple API calls but does not warn about secure credential handling, storage, logging, or transmission practices. This increases the risk that integrators will hardcode secrets, expose them in logs, or mishandle them in scripts and HTTP clients, especially because the workflow normalizes sending credentials frequently.

Missing User Warnings

Medium
Confidence: 91%
Finding
The documentation tells users to send credential-bearing API requests to an HTTP endpoint on 127.0.0.1 without any warning about the trust boundary, local malware risk, port exposure, or the need to ensure the service is bound only to localhost. Even though loopback traffic is not normally network-exposed, plaintext credential handling on a local admin/control interface can still be abused by malicious local processes, misconfigurations, port forwarding, or users adapting the example to non-local hosts.

Missing User Warnings

Medium
Confidence: 94%
Finding
The request examples include company, username, and password fields but provide no guidance on secret handling, such as not hardcoding credentials, not committing them to source control, redacting logs, or using secure secret storage. In an automation/WebDriver integration context, users commonly copy examples directly into scripts, so omission of handling guidance materially increases the chance of credential leakage.

Missing User Warnings

Medium
Confidence: 93%
Finding
The document tells users to replace company, username, and password values but gives no guidance on secure handling of those credentials. In an automation context, that omission can lead users to hardcode secrets in scripts, store them insecurely, or share them in repositories and logs.

Missing User Warnings

Medium
Confidence: 95%
Finding
The sample code performs network retrieval of ChromeDriver archives and writes an executable to disk, but it does not warn about supply-chain and execution risks or recommend integrity verification. In practice, users may copy this pattern into production tooling and automatically fetch and run binaries without checksum validation, signature verification, or allowlisting.

VirusTotal

67/67 vendors flagged this skill as clean.