Smooth Browser

Security checks across malware telemetry and agentic risk

Overview

This browser-automation skill appears purpose-aligned, but it gives an external service broad authority over logins, persistent browser sessions, local file uploads, and in-page JavaScript without enough scoping or warnings.

Install only if you are comfortable using Smooth as an external browser automation service. Avoid uploading secrets or confidential documents unless necessary, use separate profiles for each account, delete profiles or uploaded files when finished, and require explicit confirmation before login, account-changing actions, JavaScript execution, or file transfer.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The manifest advertises broad trigger phrases like 'log into' and 'any browser interaction request', which can cause the skill to be invoked for routine requests without clear user intent or scope limits. In a browser automation skill, over-broad routing increases the chance of sending sensitive web tasks, authenticated actions, or data extraction to an external service unnecessarily.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly encourages profiles to persist cookies, login sessions, and browser state, but does not prominently warn that these artifacts may retain sensitive authenticated access across sessions. This can lead users or downstream agents to reuse stored sessions without understanding the privacy and account-security consequences.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The file-upload workflow tells users to upload local documents for browser-session use but does not clearly disclose that those files are transmitted to and processed by an external service. Because uploaded files may contain contracts, invoices, screenshots, or other sensitive material, the missing disclosure creates a real risk of unintended third-party data exposure.

Missing User Warnings

Low

Confidence: 84% confidence
Finding: The download/export flow explains how to retrieve generated files but omits a warning that downloaded reports or exports may contain sensitive user data and may persist locally or in accessible output locations. In an automation context, this can result in accidental retention, sharing, or mishandling of personal or confidential information.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal