Back to skill

Security audit

wang

Security checks across malware telemetry and agentic risk

Overview

This browser automation skill is coherent, but it gives agents broad control over authenticated web sessions and saved browser state without enough safety guidance.

Install only if you trust the external agent-browser package and are comfortable giving an agent broad browser-control powers. Use test or least-privilege accounts, require explicit approval before purchases, posts, uploads, deletions, or admin changes, and treat saved state files, cookies, storage dumps, screenshots, PDFs, videos, traces, and network logs as sensitive secrets that should be protected and deleted when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly documents saving video, PDF, screenshots, and browser state to local files, including persisted session state via `auth.json`, but never warns that these artifacts may contain cookies, tokens, credentials, or sensitive page content. In an agent context, this can lead to unintentional retention or later reuse of secrets from authenticated sessions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill exposes commands for setting credentials, manipulating cookies and storage, adding headers, and inspecting network requests without any privacy or secret-handling guidance. These capabilities can reveal or replay authentication material and sensitive application data, especially when used by an autonomous agent across real sites.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documented browser interactions include clicking, typing, checking boxes, selecting values, uploads, drag-and-drop, and key presses that can submit forms, trigger purchases, delete data, or otherwise modify remote state. The skill provides no caution about destructive or irreversible actions, which is risky for agent-driven execution on live systems.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly documents commands to read, set, clear, save, and reload cookies, localStorage, credentials, and session state, but provides no warning that these artifacts can contain authentication tokens, PII, or other secrets. In an agent context, this increases the chance that operators or downstream automations will persist or expose sensitive session data insecurely.

Session Persistence

Medium
Category
Rogue Agent
Content
```bash
agent-browser state save auth.json    # Save session state
agent-browser state load auth.json    # Load saved state
```

## Example: Form submission
Confidence
95% confidence
Finding
Load saved state

Session Persistence

Medium
Category
Rogue Agent
Content
agent-browser wait --url "/dashboard"
agent-browser state save auth.json

# Later sessions: load saved state
agent-browser state load auth.json
agent-browser open https://app.example.com/dashboard
```
Confidence
96% confidence
Finding
load saved state

VirusTotal

41/41 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.