Chrome Debug Launcher

Security checks across malware telemetry and agentic risk

Overview

The skill is meant to launch Chrome for debugging, but it can close all existing Chrome windows without confirmation and open a debug-enabled browser.

Install only if you are comfortable with the agent controlling local Chrome. Before use, confirm there is no unsaved browser work, prefer a version that uses a separate Chrome profile without killing existing sessions, and avoid leaving the debug browser running longer than needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Description-Behavior Mismatch

Medium

Confidence: 95% confidence
Finding: The skill claims to launch two Chrome instances, including a normal one 'alongside' a debug instance, but its first action forcibly terminates all existing Chrome processes system-wide. This can destroy active user sessions, interrupt unrelated work, and cause data loss risk from abruptly closed tabs or forms. In context, the discrepancy increases danger because a user asking to open browsers would not reasonably expect all running Chrome instances to be killed first.

Intent-Code Divergence

Low

Confidence: 90% confidence
Finding: The documentation states the skill opens two independent Chrome instances, but the procedure requires killing all running Chrome beforehand, which contradicts the advertised 'alongside' behavior. This mismatch can mislead users and downstream agents into executing a destructive action they did not consent to, increasing the chance of unsafe automation outcomes.

Vague Triggers

Medium

Confidence: 83% confidence
Finding: The activation phrase includes 'or any similar request,' which is overly broad and can cause the skill to trigger on ambiguous or loosely related user prompts. In this skill's context, broad matching is more dangerous because activation leads to disruptive local system actions, including launching a remote-debug-enabled browser and terminating Chrome processes.

Missing User Warnings

High

Confidence: 98% confidence
Finding: The skill forcibly kills all Chrome processes without warning, confirmation, or scope limitation. This is dangerous because it can abruptly terminate active browsing sessions, lose unsaved work, and log the user out of workflows; combined with the subsequent launch of a debug-enabled browser on port 9222, it creates a high-risk automation path from a simple natural-language trigger.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal