Back to skill

Security audit

一键通过9222调试端口启动Chrome

Security checks across malware telemetry and agentic risk

Overview

This skill starts Chrome for debugging but force-closes all existing Chrome windows first without a warning or confirmation.

Install only if you are comfortable with this skill closing all current Chrome windows when invoked. Save browser work first, use it only in a trusted local development environment, and avoid sensitive accounts in the debug-enabled Chrome profile.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The skill executes OS-level commands to forcibly kill all Chrome processes and then launches a new Chrome instance with remote debugging enabled on port 9222. This can disrupt user activity, bypass normal browser-session expectations, and expose a powerful local debugging interface that can be abused by other local processes or misconfigurations.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script performs destructive process termination (`taskkill /f /im chrome.exe`) and starts a subprocess without any warning, consent, or scope limitation. In context, this is dangerous because it can terminate active user browsing sessions and create an automation/debugging surface without the user's informed approval.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.