browser-act

Security checks across malware telemetry and agentic risk

Overview

This browser automation skill is mostly transparent about what it does, but it asks to be used very broadly while enabling powerful browser, session, form, screenshot, and network-capture actions.

Install only if you need full browser automation rather than simple page fetching. Prefer isolated browser profiles, avoid connecting personal or work Chrome sessions unless necessary, and manually review any login, form submission, file upload, captcha-solving, or authenticated account action before allowing it to proceed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The skill description and frontmatter trigger conditions are extremely broad, instructing invocation whenever users mention browser-act by name or for a large set of generic web tasks. This can cause the agent to invoke a powerful browser automation capability in situations where simpler, lower-privilege tools would suffice, increasing the chance of unintended navigation, session use, authenticated actions, or exposure to adversarial web content.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal