Open Chrome Tabs

Security checks across malware telemetry and agentic risk

Overview

This skill openly helps an agent read Chrome or Chromium tab lists, which is privacy-sensitive but matches its stated purpose.

Install only if you are comfortable letting an external npm CLI and the agent see browser tab URLs and titles, including synced-device tabs. Prefer one-off npx use, request a specific profile or device when possible, and avoid using it on browser profiles containing sensitive work, financial, health, or personal tabs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: This skill is explicitly designed to read the user's currently open and synced browser tabs, which can reveal highly sensitive information such as internal work resources, personal accounts, recovery links, and browsing habits. The documentation describes this capability as normal usage but does not provide a clear privacy warning, consent requirement, or data-minimization guidance, making accidental over-collection and privacy harm more likely.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal