Back to skill

Security audit

PW Browser Setup

Security checks across malware telemetry and agentic risk

Overview

This skill mostly performs browser automation setup as advertised, but it needs review because it makes broad host changes and contains unsafe handling around screenshots and browser execution.

Install only in a disposable workspace, VM, or container where system packages, global npm packages, and browser binaries are acceptable. Do not pass untrusted screenshot paths to verify-browser.sh, avoid running the browser as root, and use the Feishu commands only for screenshots you have reviewed and intentionally want to send externally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The Feishu upload and messaging instructions are unrelated to core browser setup and expand the skill from local environment configuration into external data transmission. That scope creep is dangerous because screenshots produced during verification can contain sensitive content and are encouraged to be sent off-host without strong justification, review, or constraints.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The documentation instructs users to capture a browser screenshot and upload/send it to Feishu without any warning that screenshots may contain secrets, internal pages, session information, or personal data. In a browser automation context this is more dangerous because screenshots often reflect live authenticated sessions and rendered sensitive content.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.