Security audit

Browser Capture

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only browser image capture skill with disclosed local saves and browser actions, but users should be careful with downloads and proxy use.

Install only if you are comfortable letting the agent open webpages, inspect page image elements, click page controls, and save screenshots or image downloads locally. Avoid using it on sensitive logged-in pages, review any curl or copy path before execution, and do not use proxy services unless you explicitly trust them and have permission to access the target site.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The documentation instructs users to use curl to download arbitrary image URLs directly to the filesystem, which exceeds the declared screenshot/browser-capture scope and introduces an uncontrolled network-to-disk write path. In an agent setting, this can be abused to fetch unexpected content, store untrusted files locally, or bypass any safety expectations tied to the browser toolchain.

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
Recommending proxy services to get past Cloudflare or similar protections encourages bypassing access controls that are outside the skill's stated purpose. This guidance can facilitate access to sites that are intentionally blocking automation, increasing legal, policy, and misuse risk for a generic browsing skill.

Missing User Warnings

Medium
Confidence: 94%
Finding
The markdown tells the operator to download files into user-accessible paths without any warning about filesystem side effects, trust boundaries, or validation of the downloaded content. In an agent workflow, silent local writes of untrusted remote content can lead to data handling issues, accidental overwrites, or storage of unsafe files under misleading extensions.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.