Back to skill

Security audit

Tap

Security checks across malware telemetry and agentic risk

Overview

Tap is a disclosed browser automation skill, but it can let an agent control logged-in browser sessions and publish content with limited artifact-level safeguards described.

Install only if you are comfortable letting an agent control an active browser tab. Prefer a separate browser profile or test accounts, review the binary, extension, and any community .tap.js scripts, and require explicit approval before posting, submitting forms, purchasing, changing account settings, or using it on sensitive pages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.