Security audit

Chrome Screenshot

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims, but its screenshot script has unsafe input handling and weak browser isolation that make it worth manual review before use.

Install only if you trust the HTML files and paths being passed to the script. Prefer simple filenames, numeric widths, and a temporary directory containing only the target HTML and needed assets. Do not rely on the PDF feature until it is fixed, and treat this as needing a patch before use on untrusted or user-supplied HTML.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Tp4

High
Category: MCP Tool Poisoning
Confidence: 80%
Finding:
The skill documentation promises local HTML-to-image/PDF rendering, but it also exposes the HTML file's directory through a localhost HTTP server. Even though it binds to 127.0.0.1, this expands access from a single file read to serving potentially adjacent files in that directory, and the undeclared behavior can violate least-privilege expectations. The claimed PDF support without matching implementation is also dangerous because users may rely on unsupported behavior and apply the skill in ways that bypass review or validation.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.