Agent Browser

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward browser-automation skill, but users should treat saved browser state and cookies as sensitive account access.

Install only if you trust the external agent-browser package source. Use explicit care on logged-in websites, avoid committing saved auth files, keep cookie/storage output out of logs, and prefer isolated sessions or test accounts for automation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly recommends saving and loading browser auth state to skip login flows, but provides no warning that these files can contain active session cookies, tokens, and other sensitive browser storage. In an agent context, this can encourage insecure handling or reuse of credential-bearing state files, increasing the risk of account takeover or unintended cross-session access if the files are exposed or misapplied.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill documents commands to read and modify cookies and localStorage without any caution about privacy, integrity, or session security implications. Because these mechanisms often carry authentication tokens, CSRF state, and user data, normalizing unrestricted access in an agent skill can lead to credential leakage, session manipulation, or accidental corruption of application state.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal