Daxiang Dogfood

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate web-app QA skill, but it can save login sessions and capture sensitive screenshots or videos without enough user control.

Use it only on sites you are authorized to test, preferably with a test account and test data. Before running it against authenticated or production systems, point its output at a directory that is not shared, synced, or committed to a repository; avoid destructive workflows unless they are explicitly intended; and when the review is complete delete auth-state.json along with the screenshots, videos, console logs, and reports. Deleting the file does not end the captured session, so also log the test account out or rotate its credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Severity: Medium
Confidence: 81%
Finding
The trigger phrases are broad enough to match common requests like 'review the quality of a web application' or 'find issues,' which can cause the skill to activate in situations the user did not clearly intend. In this skill, activation grants powerful browser automation and evidence collection behavior, increasing the chance of unintended interaction with live sites, authenticated areas, or sensitive content.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The skill instructs saving authenticated browser state to disk (`auth-state.json`) without any warning, minimization, retention limit, or consent step. Session state can contain cookies, tokens, and other credential material; if written to an insecure directory or reused later, it may enable account takeover or unauthorized access.
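The Overview's cleanup guidance and this finding in working form, as an added example that is not code from the skill, from SkillSpector, or from the original page. It assumes auth-state.json uses the Playwright storageState layout (cookies plus per-origin localStorage); the page does not name the automation tool, so that is an assumption. The script audits the state for credential material without printing any value, writes it with owner-only permissions, flags loose permissions, and deletes the whole evidence set afterwards. Hosts and values are constructed.

```python
import json
import os
import re
import shutil
import stat
import tempfile
from pathlib import Path

# Constructed sample in the Playwright storageState layout (an assumption about the
# skill's auth-state.json; the page does not name the tool). Host and values are fake.
SAMPLE_AUTH_STATE = {
    "cookies": [
        {"name": "sessionid", "value": "f3a9c1d2e4b5", "domain": "app.test.example",
         "path": "/", "expires": 1900000000, "httpOnly": True, "secure": True},
        {"name": "csrftoken", "value": "q8ZTk2", "domain": "app.test.example",
         "path": "/", "expires": 1900000000, "httpOnly": False, "secure": True},
        {"name": "theme", "value": "dark", "domain": "app.test.example",
         "path": "/", "expires": -1, "httpOnly": False, "secure": False},
    ],
    "origins": [
        {"origin": "https://app.test.example",
         "localStorage": [
             {"name": "access_token", "value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJxYSJ9.c2ln"},
             {"name": "lastTab", "value": "reports"},
         ]},
    ],
}

# Names that usually carry session/credential material, and the base64url shape of a JWT.
CREDENTIAL_NAME = re.compile(r"sess|sid|token|auth|jwt|bearer|secret|key", re.I)
JWT_SHAPE = re.compile(r"^eyJ[\w-]+\.[\w-]+\.[\w-]*$")


def _is_credential(name: str, value: str) -> bool:
    return bool(CREDENTIAL_NAME.search(name) or JWT_SHAPE.match(value))


def summarize_auth_state(state: dict) -> dict:
    """Report what credential material the state carries, without echoing any value."""
    cookies = state.get("cookies", [])
    cred_cookies = [c["name"] for c in cookies if _is_credential(c["name"], c.get("value", ""))]
    cred_storage = [f'{o["origin"]}:{item["name"]}'
                    for o in state.get("origins", [])
                    for item in o.get("localStorage", [])
                    if _is_credential(item["name"], item.get("value", ""))]
    return {
        "cookie_count": len(cookies),
        "credential_cookies": cred_cookies,
        "credential_storage": cred_storage,
        # any domain other than the site under test means the run strayed
        "domains": sorted({c["domain"] for c in cookies}),
    }


def write_restricted(out_dir: Path, state: dict) -> Path:
    """Write auth-state.json so only the current user can read it (dir 0700, file 0600)."""
    out_dir.mkdir(parents=True, exist_ok=True)
    os.chmod(out_dir, 0o700)
    path = out_dir / "auth-state.json"
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(state, fh)
    os.chmod(path, 0o600)  # O_CREAT's mode is umask-masked and ignored for an existing file
    return path


def permission_findings(path: Path) -> list:
    """Flag group/other access on the state file or the directory holding it."""
    findings = []
    if stat.S_IMODE(path.stat().st_mode) & 0o077:
        findings.append(f"{path.name} is readable by group/other")
    if stat.S_IMODE(path.parent.stat().st_mode) & 0o077:
        findings.append(f"{path.parent.name} directory is accessible by group/other")
    return findings


EVIDENCE_SUFFIXES = {".png", ".jpg", ".webm", ".mp4", ".log", ".html", ".md", ".json"}


def cleanup_evidence(out_dir: Path) -> list:
    """Remove the auth state and captured evidence once the review is complete."""
    removed = []
    for p in sorted(out_dir.rglob("*")):
        if p.is_file() and (p.name == "auth-state.json" or p.suffix in EVIDENCE_SUFFIXES):
            p.unlink()
            removed.append(p.name)
    return removed


def demo() -> dict:
    """End-to-end run on the constructed sample in a throwaway directory; returns results."""
    out = Path(tempfile.mkdtemp(prefix="qa-evidence-"))
    try:
        path = write_restricted(out, SAMPLE_AUTH_STATE)
        strict = permission_findings(path)
        os.chmod(path, 0o644)                          # simulate a careless default umask
        loose = permission_findings(path)
        (out / "login.png").write_bytes(b"\x89PNG")    # stand-in for a captured screenshot
        removed = cleanup_evidence(out)
        return {"summary": summarize_auth_state(SAMPLE_AUTH_STATE), "strict": strict,
                "loose": loose, "removed": removed, "left": [p.name for p in out.iterdir()]}
    finally:
        shutil.rmtree(out, ignore_errors=True)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two caveats worth keeping in mind when using something like this: deleting auth-state.json does not invalidate the session on the server, so the test account should still be logged out or its credentials rotated once the run is over; and the domains list is the quick check that the capture did not wander beyond the site under test.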

VirusTotal

65/65 vendors flagged this skill as clean.
