Gemini Computer Use

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims, running a Gemini-powered browser automation loop, but users should know that browser screenshots and URLs are sent to Gemini.

Install only if you are comfortable with a third-party Gemini model seeing the browser page, URL, and your prompt. Use a sandboxed browser profile, avoid logged-in or sensitive sites unless intentional, keep turn limits low, and use --exclude to block actions you do not want automated.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium (97% confidence)
Finding
The code captures a live browser screenshot and current URL after each action and sends both to the remote Gemini model as function responses. This can expose sensitive on-screen data, session state, internal URLs, or user-entered content without any explicit notice, consent flow, or redaction, which is especially risky in a browser-control agent handling arbitrary websites.

Missing User Warnings

Medium (98% confidence)
Finding
The initial request sends both the user's prompt and a full browser screenshot to the external model immediately after page load, with no warning that page contents will leave the local environment. In a computer-use skill, screenshots may contain credentials, personal data, confidential documents, or authenticated application state, making silent transmission a real privacy and data-leak risk.

VirusTotal

65/65 vendors flagged this skill as clean.
