Chrome Session Attach

Security checks across malware telemetry and agentic risk

Overview

This skill plainly helps an agent control a user-selected local Chrome tab, but the browser access and gateway token should be treated as sensitive.

Install only if you want the agent to control selected Chrome tabs. Keep the gateway token private, keep the gateway bound to 127.0.0.1, attach only the tab needed for the task, avoid banking/admin/email or other highly sensitive tabs unless necessary, and detach when finished.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill enables an agent to attach to and control an already logged-in user Chrome tab, including navigation, clicks, typing, screenshots, and closing tabs, but it does not provide an explicit warning about the sensitivity of those actions. In this context, omission of a clear warning is dangerous because users may unknowingly grant access to authenticated sessions, allowing destructive actions or exfiltration of sensitive on-page data from real accounts.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal