Back to skill

Security audit

Browser Automation

Security checks across malware telemetry and agentic risk

Overview

This browser automation skill is not clearly malicious, but it needs review because it combines broad web automation with an unverified global CLI install, persistent browser data, automatic downloads/screenshots, and automatic remote-browser use when keys are present.

Install only if you can inspect and trust the actual CLI package that `npm install` and `npm link` will expose. Use a dedicated browser profile and test accounts, explicitly choose local versus remote mode, avoid sensitive sites unless necessary, clear stored profile data when done, and manually confirm any form submission, account change, download, or scraping workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The examples explicitly instruct users to enter usernames, passwords, and personal contact information into websites, but provide no warning about handling secrets, verifying trusted destinations, or avoiding credential reuse. In a browser automation skill, this is more dangerous because the tool can interact with arbitrary sites, and the note about persistent Chrome profiles increases the chance that credentials and session cookies remain stored across runs.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The documentation states that files are automatically downloaded to a local directory without warning users about local disk writes, file trust, or the risks of downloading untrusted content. For a browser automation skill, this expands the attack surface because a user may navigate arbitrary URLs and unintentionally retrieve malicious or sensitive files onto the host filesystem.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The reference explicitly states that screenshots are taken automatically after navigation and actions, and elsewhere documents automatic downloads and persistent browser profiles. In a browser automation skill, this creates a real privacy and data-handling risk because page contents, credentials, personal data, and downloaded files may be stored locally without a prominent user warning or consent mechanism.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill description is broad enough to match many ordinary browsing or information-seeking requests, which can cause the agent to invoke browser automation when simpler, safer handling would suffice. Because this skill can navigate sites, click elements, fill forms, and extract data, over-broad triggering increases the chance of unintended web actions and exposure to untrusted content.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill silently switches to a remote browser environment when credentials are present, with no user-facing warning or confirmation. This can route browsing activity, page content, session state, and possibly sensitive form interactions to a third-party service without explicit user awareness, creating privacy, compliance, and data-handling risks.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.