Google Index Checker

Security checks across malware telemetry and agentic risk

Overview

This skill has a clear SEO lookup purpose, but it asks an agent to control a Chrome debugging session that may share your normal browser cookies and logged-in state.

Review before installing. If you use it, run Chrome with a dedicated temporary user-data directory and no personal logins, avoid connecting it to your everyday browser profile, and make sure cleanup only closes the tab it created.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly instructs use of Chrome remote debugging against a shared browser profile and notes that all tabs share the same cookie/login session, but it does not require isolation or a prominent warning to the user before access. CDP grants powerful inspection and control over browser state, so operating against a live personal profile can expose authenticated sessions, page contents, and other sensitive data beyond the intended Google query.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal