Browser Use Pro

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed browser automation helper, but it can control logged-in browser sessions and send page context to an LLM, so users should run it with tight limits.

Install only if you are comfortable letting an agent automate browser workflows. Use a dedicated browser profile, restrict allowed domains, keep API keys in environment variables, disable vision when secrets are visible, review generated scripts before running them, and require explicit confirmation before posting, purchasing, submitting forms, or changing account data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Intent-Code Divergence

Medium
Confidence: 90%
Finding
The documentation asserts the skill will not silently connect to running browsers, but the provided CDP example can attach to any Chrome instance already exposing localhost:9222, regardless of how it was started. In a browser automation skill, attaching to an existing authenticated browser session can expose cookies, active sessions, and sensitive page contents, making the misleading safety claim materially risky.

VirusTotal

64/64 vendors flagged this skill as clean.
