Security audit

Chrome DevTools Web Research

Security checks across malware telemetry and agentic risk

Overview

The skill is a legitimate browser-research helper, but it pushes broad access to a live Chrome session, including tabs, cookies, logins, and page state, without enough consent or isolation guidance.

Install only if you are comfortable letting an agent control and inspect a Chrome session. Use a separate temporary Chrome profile with no sensitive accounts, close unrelated tabs, avoid authenticated pages unless truly needed, require confirmation before form submissions or account-changing actions, and turn off remote debugging when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • YARA Signatures: Malware Match, Webshell Match, Cryptominer Match
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill’s invocation criteria are extremely broad and instruct the agent to 'always start' with Chrome DevTools MCP for many generic research tasks. That can cause unnecessary use of a powerful browser-control capability, increasing the chance of accessing sensitive browser context when simpler, lower-privilege tools would suffice.

Missing User Warnings

High
Confidence
98% confidence
Finding
The setup guidance explicitly tells the user to enable remote debugging so the agent can access tabs, cookies, logins, and page state, but it does not provide a strong warning, consent checkpoint, or limitations on handling sensitive authenticated data. This creates a serious privacy and account-security risk because the agent may gain visibility into active sessions far beyond what is needed for routine web research.

Ssd 3

Medium
Confidence
96% confidence
Finding
The skill normalizes access to the user’s authenticated browser context as part of standard operation for ordinary research tasks. Even without overtly malicious behavior, this weakens the principle of least privilege and makes accidental exposure of account data, private content, or privileged internal pages much more likely.

Ssd 3

Medium
Confidence
87% confidence
Finding
Maintaining an audit trail of page URLs and visible claims can capture sensitive browsing activity, account identifiers, private page contents, or other session-derived information from live tabs. In a browser-attached workflow, logging this material increases persistence and secondary exposure of data that may otherwise have remained transient.

YARA rule 'info_stealer': Information stealer patterns (credential harvesting, browser data theft) [malware]

High
Category
YARA Match
Content
1. Open `chrome://inspect/#remote-debugging`
2. Toggle it on
3. That’s it — the agent can now see the user’s tabs, cookies, logins, and page state through Chrome DevTools MCP

Explain plainly that this uses **Chrome DevTools MCP** under the hood and **does not require a browser extension**.
Confidence
95% confidence
Finding
cookies, logins, and page state through Chrome

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.