Security audit

Midscene Web

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate browser-automation skill, but it needs Review because it can operate logged-in Chrome sessions and send page screenshots to a configured AI model provider.

Install only if you are comfortable letting this skill run an external Midscene npm package, use your configured model API key, and potentially view or act inside logged-in browser sessions. Prefer isolated Puppeteer mode for ordinary browsing, use a dedicated Chrome profile/tab for account work, disable CDP or Bridge access when finished, and require explicit approval before purchases, payments, posting, form submission, deletion, or account changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill explicitly instructs the agent to connect to and operate the user's existing Chrome when login state is needed, which can expose authenticated sessions, private data, and sensitive account actions. Because the guidance lacks an explicit consent, privacy, and scope warning, an agent may access or manipulate real user accounts without making the risk clear to the user.

Missing User Warnings

Low
Confidence: 89%
Finding
The CDP guidance states that `connect --url` will navigate the existing active tab, but it does not clearly warn that this can interrupt the user's current browsing session, discard in-progress work, or change context in a logged-in tab. In a skill designed to control a real user browser, that omission increases the chance of unintended disruption or unsafe actions in the wrong tab.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.