Back to skill

Security audit

agent-browser

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate browser automation skill, but it gives an agent broad control over logged-in browser sessions and local file uploads without enough safety guidance.

Install only if you are comfortable allowing an agent to control browser sessions. Use test accounts or isolated sessions where possible, protect saved state files like passwords, do not commit them, and require explicit user approval before uploads, credential entry, account-changing actions, cookie/storage access, recording, tracing, or network interception.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly documents saving and loading browser session state using an auth.json file, which likely contains reusable cookies, tokens, and other authenticated session artifacts. Without any warning about sensitivity, retention, encryption, or safe storage, users or downstream agents may persist credentials insecurely and later reuse or leak them.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The upload command enables transmission of arbitrary local files to remote websites, but the skill provides no warning that using it can exfiltrate sensitive local data. In an agent setting, this is especially risky because an agent may be induced by page content or prompt context to upload unintended files.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill documents setting HTTP basic-auth credentials directly on the command line without warning that command-line arguments may be exposed via shell history, process listings, logs, or transcripts. This can lead to accidental credential disclosure even when the browser action itself is legitimate.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
Video recording and tracing can capture page contents, typed inputs, session identifiers, and other sensitive information, yet the skill presents these features without any privacy or secret-handling warning. In a browser automation context, recordings often include authenticated pages and therefore create durable artifacts containing sensitive data.

VirusTotal

43/43 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.