Back to skill

Security audit

Browser Cookie Manager

Security checks across malware telemetry and agentic risk

Overview

This skill openly extracts browser cookies, but those cookies can act like login credentials and the package does not give enough warning or control around exporting them.

Install only if you intentionally need to export cookies from a browser profile you control. Treat all output as credentials: do not paste it into chats, logs, tickets, or shared files, and avoid saving cookie files unless you can protect and delete them promptly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill explicitly instructs users to run a Python script that reads browser cookies and can write them to disk, yet it declares no permissions despite requiring shell execution and file output capabilities. Cookie extraction is highly sensitive because browser cookies can grant authenticated session access, so undeclared capabilities reduce transparency and safety controls around a credential-accessing workflow.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The activation text and when-to-use guidance are broad enough to trigger on ordinary requests involving browser cookies, which can cause the skill to be selected in contexts where users may not appreciate that it accesses live browser credential material. Because cookies often function as bearer tokens for active sessions, overly broad invocation increases the chance of unnecessary extraction, exposure, or misuse of sensitive authentication data.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill describes reading cookies from multiple browsers and converting them into reusable formats such as HTTP headers and cURL commands, but it does not clearly warn that cookies may enable full session hijacking or account takeover if exposed. The lightweight 'personal use' disclaimer does not meaningfully mitigate the risk because the capability itself handles highly sensitive authentication artifacts that are easy to replay.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
This script is explicitly designed to extract browser cookies, which are sensitive authentication artifacts that can enable account takeover or session hijacking if exposed. It provides no explicit privacy/security warning, no consent confirmation, and even supports exporting cookies as a reusable header or cURL command, which increases the likelihood of misuse beyond legitimate inspection.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.