chrome-cdp-controller

Security checks across malware telemetry and agentic risk

Overview

This skill has a legitimate Chrome automation purpose, but it gives broad control over a live browser session and under-discloses sensitive network and local-file capabilities.

Review before installing. Use a dedicated temporary Chrome profile with no important logins, keep remote debugging local and temporary, avoid broad network interception on sensitive sites, and only pass local file paths when you intentionally want the agent to upload or execute that content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (9)

Missing User Warnings

Medium
Confidence: 86%
Finding
The skill advertises browser automation and network interception but does not warn that these features can capture sensitive content such as cookies, tokens, page data, prompts, and authenticated API responses from the user's live browser session. In the context of an agent skill, this omission is dangerous because users may treat the capability as routine automation without understanding that it can observe or extract highly sensitive session data.

Missing User Warnings

Medium
Confidence: 95%
Finding
The instructions tell users to start Chrome with --remote-debugging-port=9222 but omit that anyone who can reach that port can gain broad control over the browser, including reading page content, executing JavaScript, interacting with authenticated sites, and intercepting network data. Because the skill is specifically designed to attach to an existing browser session, the context makes this more dangerous: it may expose active logged-in sessions and local browsing context rather than an isolated automation environment.

Missing User Warnings

Medium
Confidence: 94%
Finding
The instructions tell users to kill all Chrome processes and relaunch Chrome with a DevTools remote debugging port exposed, but they do not warn that this can terminate active browsing sessions, lose unsaved state, and expose a highly privileged browser control interface. In the context of a browser-automation skill, enabling CDP is expected, but omitting safety guidance makes it easier for users to expose localhost debugging endpoints that can be abused by local malware or misconfiguration.

Missing User Warnings

Medium
Confidence: 93%
Finding
The Windows guidance force-kills all Chrome instances and opens a remote debugging port without noting that users may lose tabs, form input, or ongoing work, and that the debug port grants deep control over the browser. Although the purpose is legitimate automation setup, the lack of warning and hardening advice creates avoidable operational and security risk.

Missing User Warnings

Medium
Confidence: 92%
Finding
The Linux commands terminate all Chrome processes and restart Chrome with remote debugging enabled, but they do not disclose the privacy and control implications of exposing CDP. In this skill, CDP access is core functionality, which makes the behavior expected, yet the missing warnings still represent a real safety issue because users may enable it on their normal browsing profile without understanding the consequences.

Missing User Warnings

Medium
Confidence: 95%
Finding
The automation script silently kills Chrome and relaunches it in debug mode, which increases the chance that users will run it without appreciating that it disrupts existing sessions and opens a privileged debugging interface. Because this is packaged as a convenience script, it is more likely to be reused blindly, increasing the practical risk compared with one-off manual commands.

Missing User Warnings

Medium
Confidence: 88%
Finding
The example explicitly demonstrates starting network interception and retrieving captured traffic, but provides no warning that intercepted requests and responses may contain credentials, session tokens, personal data, or other sensitive application content. In a Chrome CDP control skill, this capability is especially sensitive because it can observe live browser traffic from authenticated sessions, making accidental privacy violations or misuse more likely.

Missing User Warnings

Low
Confidence: 76%
Finding
The ChatGPT automation example sends user-provided text to an external service, but the documentation does not warn that prompts may leave the local environment and be transmitted to a third party. While this is common browser automation behavior, the absence of a notice can lead users to submit sensitive or regulated data without realizing it is being shared externally.

Missing User Warnings

Medium
Confidence: 95%
Finding
The interception feature stores full response headers and bodies for matching document/XHR/fetch traffic, which can capture session tokens, API keys, personal data, CSRF tokens, or page content from authenticated browsing contexts. In this skill's context, the agent controls a real local Chrome session and can navigate arbitrary sites, so indiscriminate capture materially increases the risk of sensitive-data collection and exfiltration.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.
