Web Quality Audit

Security checks across malware telemetry and agentic risk

Overview

This is a powerful browser-automation skill, but the sensitive capabilities are disclosed and fit its stated purpose.

Install only if you want an agent to control a browser. Avoid using it on banking, medical, admin, internal, or logged-in pages unless you intend the agent to inspect that content, and delete screenshots, snapshots, traces, and storage-state files that may contain private data or auth tokens.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 83% confidence
Finding: The skill encourages navigation, snapshotting, text extraction, screenshots, and DOM evaluation against arbitrary sites but never warns about handling sensitive data, authenticated sessions, or third-party content. In an agent setting, this can lead to unintended collection or exposure of private page content, especially when run on internal, staged, or logged-in applications.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal