Back to skill

Security audit

Webchat Extension

Security checks across malware telemetry and agentic risk

Overview

This skill is for a browser AI chat extension, but it asks for broad webpage and clipboard access with persistence and install-time system changes that users should review carefully.

Install only if you are comfortable with a browser extension and local backend that can use selected webpage text, copied text, and clipboard contents as AI context. Avoid using it on password managers, admin consoles, private documents, regulated data, or confidential work pages unless you have verified the extension/backend code and disabled or controlled clipboard ingestion. On Windows, review any protocol registration and launcher behavior before allowing the one-click backend startup path.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
85% confidence
Finding
The trigger description is broad enough to activate on generic requests about asking AI about selected webpage text, which can cause the skill to run outside its intended deployment/setup context. That increases the chance an agent invokes a browser extension that captures webpage and clipboard context when the user only wanted general advice, creating unnecessary data exposure and unintended side effects.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The 'when to use' section mixes software deployment tasks with ordinary 'ask AI about webpage text' use cases, making it unclear whether the skill should build/install tooling or simply answer the user's question. In an agentic environment, that ambiguity can lead to overbroad invocation of a local extension/backend that reads webpage context and clipboard data.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly describes collecting selected or copied webpage text and sending it through a local backend to an AI service, but it does not provide a clear privacy warning or consent boundary. Users may unknowingly transmit sensitive page content, credentials, internal documents, or regulated data to the backend/AI pipeline.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The usage section says the tool can automatically collect clipboard contents and question text into context, but it lacks an explicit warning that clipboard data often contains highly sensitive information unrelated to the current webpage. Automatic capture expands the data boundary beyond the visible selection and can exfiltrate secrets or personal data to the backend/AI without sufficiently informed user intent.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.