Security audit
Browser VM Setup
Security checks across malware telemetry and agentic risk
Overview
This skill is a setup guide for running a browser agent on a VM, with sensitive behavior like sessions, screenshots, shell-capable dashboard access, and retention disclosed and scoped to user-controlled infrastructure.
Before installing, be comfortable that this guide is for a VM you control and that it involves privileged setup, browser session persistence, screenshots/logs that may contain personal data, and a local dashboard with shell-level power. Keep the dashboard loopback-only, use SSH tunneling, avoid public exposure, install and verify retention cleanup, and do not use proxy or residential egress paths unless you have explicit authorization for the target.
SkillSpector
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
