Back to skill

Security audit

browserwing

Security checks across malware telemetry and agentic risk

Overview

BrowserWing appears to be a legitimate browser automation skill, but it gives agents powerful browser, credential, upload, and JavaScript capabilities without enough user-control guidance.

Install only if you trust the BrowserWing Executor you will connect to. Prefer a local or secured executor, and require explicit user approval before logins, uploads, purchases, posts, account changes, screenshots, page dumps, network inspection, or JavaScript execution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly includes a login automation workflow with username and password entry but provides no user-facing warning, consent requirement, or guidance about handling credentials safely. In an agent setting, this can normalize credential submission to arbitrary sites and increases the risk of phishing, accidental secret disclosure, or unauthorized account actions if the agent follows untrusted prompts.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill advertises powerful capabilities such as JavaScript execution and file upload without any caution about their security implications. These features can materially affect system or data integrity by enabling execution of page-context code, modification of remote state, or transfer of sensitive local files if an agent is induced to use them unsafely.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.