Security audit
Tap
Security checks across malware telemetry and agentic risk
Overview
Tap is a disclosed browser automation skill, but it can let an agent control logged-in browser sessions and publish content with limited artifact-level safeguards described.
Install only if you are comfortable letting an agent control an active browser tab. Prefer a separate browser profile or test accounts, review the binary, extension, and any community .tap.js scripts, and require explicit approval before posting, submitting forms, purchasing, changing account settings, or using it on sensitive pages.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
