xvfb-chrome
Security checks across malware telemetry and agentic risk
Overview
This is a documentation-only Chrome/Xvfb automation skill with disclosed operational risks, not hidden or malicious behavior.
Use this skill only for Linux server browser automation. Prefer an isolated container or dedicated host, run Chrome as an unprivileged user, keep the DevTools port bound to localhost, avoid logged-in personal profiles, use per-task profile directories, and be careful with killall or pkill examples on shared systems.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.