Webperf Loading

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Chrome DevTools web-performance toolkit, with expected page-inspection behavior and a couple of privacy cautions rather than evidence of harmful activity.

Install if you need DevTools-based loading performance audits. Run it only on sites you are authorized to inspect, and be careful on banking, admin, internal, or authenticated pages because the snippets can read page/resource metadata and one CSS analysis path can make additional stylesheet requests from the browser.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Missing User Warnings

Low

Confidence: 92% confidence
Finding: The script iterates over document stylesheets and, when direct cssRules access fails, performs a network fetch of the stylesheet URL to read its contents. This can trigger additional requests to third-party origins from the user's browser without clear disclosure or consent, potentially exposing user IP/addressing metadata and interacting with external infrastructure unexpectedly during analysis.

Autonomous Decision Making

Medium

Category: Excessive Agency
Content: ## Decision Tree Use this decision tree to automatically run follow-up snippets based on results: ### After TTFB.js
Confidence: 89% confidence
Finding: automatically run

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal