Xiaopi Agent Browser

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only browser automation skill whose sensitive capabilities are expected for its purpose, but saved sessions and captured page files should be treated carefully.

Install this only if you need agent-controlled browser automation. Verify the external npm package before installing, use it only on sites you intend to automate, avoid privileged accounts when possible, and treat saved state, cookies, screenshots, PDFs, videos, and traces as sensitive local files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill explicitly documents reading cookies/localStorage and saving/loading browser state, but provides no warning that these artifacts can contain active session tokens, authentication cookies, or other secrets. In an agent context, this makes credential reuse and cross-session impersonation more likely because users may treat saved state as harmless automation data.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill advertises screenshots, PDFs, recordings, traces, and saved artifacts without warning that they may capture page contents, credentials, PII, tokens, or internal application data to local disk. In browser automation for agents, these files can silently accumulate sensitive data and later be exfiltrated or mishandled.

VirusTotal

65/65 vendors flagged this skill as clean.
