Webperf

Security checks across malware telemetry and agentic risk

Overview

This is a coherent web performance helper that guides an agent to use Chrome DevTools for user-requested page audits.

Reasonable to install for web performance work. Because it may lead an agent to run JavaScript in a browser page context, use it only on pages you intend to audit and review any external snippets before running them on sensitive logged-in sites.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The manifest description contains broad trigger phrases such as "analyze performance" and "or similar," which can cause the agent to invoke this skill for loosely related requests outside strict web performance debugging. Overbroad routing increases the chance of unintended tool use against arbitrary URLs or contexts, especially because the workflow explicitly drives browser navigation and script evaluation.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal