Agent Browser with Camoufox

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it makes broad persistent changes to global browser automation tooling and uses unverified remote installers, so it needs review before installation.

Install only in an isolated or disposable environment and only for authorized automation you control. Read the installer first, avoid sudo, prefer pinned and verified downloads, and expect it to alter your global agent-browser installation. Do not use it to bypass protections on services where you do not have permission.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (11)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The script overwrites the globally installed agent-browser package with a locally rebuilt copy, affecting all users and workflows on the system. This is dangerous because it silently changes trusted executable behavior system-wide and can introduce persistence, break updates, or mask future tampering under a familiar command name.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The README instructs users to execute a remote installer directly via `curl | sh` without any integrity verification, pinning, or warning about arbitrary code execution. In a skill focused on deploying an anti-detection browser stack, this is more dangerous because users are encouraged to alter their local automation environment and may run commands with elevated trust.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README tells users to edit and rebuild the source of a globally installed `agent-browser` package, but omits warnings about persistence, supply-chain implications, breakage on update, and trust boundaries. This can silently alter system-wide behavior for all future uses of the tool and make troubleshooting or rollback difficult.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The Rust installation instructions again use `curl | sh` to execute a remote script without verification or warning. This exposes the user to arbitrary code execution and persistent environment modification via shell profile changes.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The one-click installation section describes automatic installation, source modification, recompilation, and system replacement, but it does not warn that a globally installed package will be altered. Modifying globally installed tooling can affect other workflows and makes rollback and provenance tracking difficult.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The markdown includes a remote script execution pattern using curl piped directly to sh without any safety warning or integrity verification. This is dangerous because compromise of the remote host, DNS, TLS interception, or script changes can result in immediate arbitrary code execution on the target system.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
These instructions back up and then overwrite files in the global npm installation path without a clear warning about system-wide impact. Overwriting installed package contents can break dependent tools, introduce unreviewed code into trusted locations, and make future updates or audits unreliable.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script destructively moves the existing global package and replaces it without prompting the user for consent. In an installer that modifies system-wide developer tooling, lack of confirmation increases the risk of unintended compromise, outages, and hard-to-diagnose behavior changes.

External Script Fetching

Low
Category
Supply Chain
Content
log_success "uv 已安装: $(uv --version)"
else
    log_info "正在安装 uv..."
    curl -LsSf https://astral.sh/uv/install.sh | sh
    
    # Add uv to PATH
    if [ -f "$HOME/.local/bin/env" ]; then
Confidence
99% confidence
Finding
curl -LsSf https://astral.sh/uv/install.sh | sh

External Script Fetching

Low
Category
Supply Chain
Content
# Check Rust
        if ! command_exists cargo; then
            log_info "安装 Rust..."
            curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
            source "$HOME/.cargo/env"
        fi
Confidence
99% confidence
Finding
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh

Chaining Abuse

High
Category
Tool Misuse
Content
log_success "uv 已安装: $(uv --version)"
else
    log_info "正在安装 uv..."
    curl -LsSf https://astral.sh/uv/install.sh | sh
    
    # Add uv to PATH
    if [ -f "$HOME/.local/bin/env" ]; then
Confidence
99% confidence
Finding
| sh

VirusTotal

64/64 vendors flagged this skill as clean.
