Back to skill

Security audit

AgentBrowser

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed browser automation skill with expected sensitive capabilities, but no artifact evidence of hidden behavior, exfiltration, or unsafe automatic actions.

Install only if you trust the external agent-browser npm package and upstream browser tooling. Treat saved state files, cookies, credentials, screenshots, PDFs, videos, traces, and network logs as sensitive; avoid using the skill on important logged-in accounts unless needed, store artifacts in protected locations, and clear saved browser state when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill documents saving and loading authenticated browser state and setting HTTP credentials, but it does not warn that these artifacts may contain session cookies, tokens, and other secrets that can be reused to impersonate a user. In an agent context, encouraging persistent auth state without storage-handling guidance increases the risk of credential leakage or unintended cross-task reuse.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documentation promotes screenshots, PDFs, and video recording that write page contents to local files, but it does not warn that these files may capture credentials, personal data, internal dashboards, or other sensitive content. For agent-operated browsing, silent artifact creation can leave durable copies of confidential information on disk.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.