Back to skill

Security audit

Browser Smart Click

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed browser-click helper, with the main caution that it may automatically accept cookie or consent banners while clearing obstacles.

Install only if you want an automation helper that may clear popups and cookie banners during browser tasks. Use auto_dismiss=False or review calls carefully when privacy consent, account dialogs, purchases, or other meaningful site actions could be affected.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation explicitly promotes automatically dismissing cookie banners, dialogs, and overlays, including matching affirmative consent text such as 'accept', 'agree', and 'allow', without warning that these actions may alter privacy preferences or trigger meaningful site actions. In a browser automation skill, this is risky because users may unintentionally grant consent, accept tracking, or interact with non-consent dialogs in ways that change account, legal, or transactional state.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill automatically clicks consent and accept controls on behalf of the user when it detects cookie banners or overlays. This can silently grant tracking, data-processing, or other permissions without explicit user intent, which is especially risky in browser automation where 'accept' may have legal, privacy, or state-changing consequences beyond merely dismissing UI obstacles.

VirusTotal

49/49 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.