Web Auto Analyzer

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Lighthouse website-auditing skill, but it deserves review because it opens user-supplied sites in Chrome with the sandbox disabled and saves detailed audit artifacts by default.

Install only if you are comfortable running local Node/npm code and Chrome automation. Prefer auditing sites you control, avoid authenticated or sensitive internal URLs unless isolated, remove or avoid the --no-sandbox flag when possible, and review or redact saved reports before keeping them in memory or sharing them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Description-Behavior Mismatch

Medium

Confidence: 90% confidence
Finding: The template significantly broadens a simple website-auditing skill into persistent collection and retention of historical analysis data, issue tracking, and report file references. That expansion increases data retention and scope without clear minimization or bounded storage rules, which can create privacy, over-collection, and unintended information-management risk if used on third-party or sensitive sites.

Context-Inappropriate Capability

Low

Confidence: 76% confidence
Finding: Including competitor analysis extends the skill from technical Lighthouse auditing into broader intelligence gathering on third-party websites. While the data is likely public and technical, this feature increases the chance of misuse for unauthorized monitoring or collection beyond the user's own assets.

Missing User Warnings

Medium

Confidence: 82% confidence
Finding: The script accepts a user-supplied URL, fetches and analyzes it in Chrome/Lighthouse, then stores detailed results including the full raw Lighthouse result object to disk by default. That can persist sensitive page metadata, internal URLs, page content-derived findings, and environment details without clear user warning or explicit opt-in, which is risky in enterprise or internal-site use cases.

Missing User Warnings

Medium

Confidence: 98% confidence
Finding: The troubleshooting command `echo '{"type": "module"}' > package.json` blindly overwrites `package.json`, destroying existing scripts, dependencies, and configuration. In a quick-start guide, users may copy-paste this verbatim, causing accidental project corruption and potentially breaking builds or security-related package settings.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal