Browser Use 1.0.2

Security checks across malware telemetry and agentic risk

Overview

This browser automation skill is broadly coherent with its purpose, but users should handle remote browsing, cookie/profile sync, and tunnels carefully.

Install only if you intentionally want browser automation through the browser-use CLI. Treat cookie exports, synced profiles, and real Chrome profiles like credentials: prefer domain-scoped sync and avoid full-profile sync unless explicitly needed. Do not use remote/cloud mode for sensitive sites without understanding that page activity may leave the local machine, and stop cloud sessions and tunnels after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill introduces remote/cloud browsing and agent task execution without an explicit, prominent warning that browser contents, form inputs, screenshots, cookies, and task metadata may be transmitted to an external service. In this context, users may unknowingly expose sensitive data while assuming browser automation is local, which creates a real privacy and data-handling risk.

Missing User Warnings

High
Confidence: 98%
Finding
The skill documents cookie export/import and later full-profile sync capabilities that can copy authenticated browser state, but it does not present a strong, early warning that these artifacts may contain session tokens, persistent logins, and other credentials. Because this skill is specifically for browser automation, these commands materially increase the chance of credential exposure or account takeover if used casually or on the wrong system.

Missing User Warnings

Medium
Confidence: 93%
Finding
The tunnel feature is described as a convenience workflow but does not clearly warn that it exposes a local development service to the public internet. Users may unintentionally publish internal apps, admin panels, debug endpoints, or unauthenticated test systems, increasing the risk of unauthorized access and data leakage.

VirusTotal

66/66 vendors flagged this skill as clean.
