Back to skill

Security audit

Agent Browser Cli.Bak.Skip

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed browser-automation instruction skill; it can click, fill forms, submit pages, take screenshots, and suggest scheduled check-ins, but those capabilities match its stated purpose and no hidden or malicious behavior is evident.

Install only if you want an agent to control a browser through this CLI. Verify the npm package before global installation, avoid putting real passwords in scripts, review pages before submit/check-in clicks, and avoid screenshots or scraping on private pages unless you are comfortable with the captured content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger conditions are broad enough to match many ordinary browsing or research requests, which can cause the automation skill to activate when a safer, less privileged approach would suffice. Because this skill can click, fill, submit, and navigate pages, over-triggering increases the chance of unintended actions on third-party sites and expands the attack surface for prompt-injection or unsafe automation flows.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill provides workflows for signing in, filling credentials, clicking submit/check-in buttons, and taking screenshots, but it omits warnings about sensitive data handling, irreversible submissions, account actions, or capture of private page content. In a browser automation context, these omissions are dangerous because users may unknowingly authorize actions that expose credentials, submit forms, trigger transactions, or store sensitive screenshots without review.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.