Web Navigator

Security checks across malware telemetry and agentic risk

Overview

This appears to be an unfinished template rather than a working web-navigation skill, with no malicious code or privileged behavior shown.

Before installing, understand that this likely will not provide useful web-navigation behavior yet. Prefer a completed version that explains when it activates, how it handles untrusted web content, and what actions it may take.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 96% confidence
Finding: The manifest description is still a TODO placeholder and does not define when this skill should be invoked or what boundaries it operates within. In an agent system, vague or missing trigger conditions can cause mis-selection of the skill, unintended use in inappropriate contexts, and unsafe downstream behavior because neither users nor orchestration logic have clear constraints.

Vague Triggers

Medium

Confidence: 98% confidence
Finding: The body of the skill is only template scaffolding and contains no actual operational guidance, constraints, or safe usage instructions. For a web-navigation skill, this is risky because browsing-related capabilities can reach untrusted content; without concrete procedures and guardrails, an agent may improvise behavior, mishandle external input, or operate beyond intended scope.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal