Goofish Search List

Security checks across malware telemetry and agentic risk

Overview

The skill mainly does what it says, but it also advises scaling scraping with multiple stealth browser sessions, which creates review-worthy platform-abuse risk.

Install only if you are comfortable using an authenticated Goofish browser session for scraping. Avoid the stealth multi-session throughput guidance unless you have explicit permission and clear compliance with Goofish rules; keep collection rate-limited and user-directed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The guidance to increase throughput by opening multiple stealth browser sessions materially escalates the skill from ordinary page reading into anti-detection, scalable scraping behavior. That can facilitate evasion of platform controls, higher-volume collection, and account or IP abuse, making the skill more dangerous in context than a single-session visible-data extractor.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal