Agent Browser 0

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate browser automation skill, but it gives agents broad access to authenticated web sessions and browser data without enough safety boundaries.

Install only if you trust the upstream agent-browser npm package and are comfortable giving an agent control over browser sessions. Use isolated sessions or test accounts, avoid sensitive sites unless necessary, and require explicit approval before entering credentials, uploading files, submitting forms, running eval, reading cookies/storage, inspecting network traffic, or saving auth state.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly documents saving and loading browser session state and setting credentials/cookies/storage, but provides no warning that these operations can persist authentication tokens, cookies, or other secrets to disk. In an agent context, this increases the chance that sensitive session material is stored insecurely, reused across tasks, or exposed to other tools/users on the same system.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal