Safe-Web

Security checks across malware telemetry and agentic risk

Overview

Safe-Web is a disclosed web-fetch/search safety wrapper with no artifact-backed evidence of hidden data theft, destructive behavior, or automatic persistence.

Before installing, review and trust the PromptGuard dependency and this script, prefer a virtual environment or user-local bin path where possible, and only use the sudo symlink or disable native web tools if you intentionally want Safe-Web to affect browsing system-wide.

SkillSpector

By NVIDIA

Vulnerability Patterns

Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The README instructs users to run a privileged `sudo ln -s ... /usr/local/bin/safe-web` command, which modifies a system-wide executable path without any warning about trust, verification, or rollback. Even though this is standard packaging behavior, encouraging privileged installation from a workspace path can increase risk if the referenced script is later modified, replaced, or installed from an untrusted checkout.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal