Back to skill

Security audit

Web Research Assistant

Security checks across malware telemetry and agentic risk

Overview

This is a real web research skill, but it explicitly promotes bypassing paywalls, CAPTCHA or verification checks, and geographic/IP restrictions.

Review this skill carefully before installing. Use it only for lawful, authorized research, not to bypass paywalls, CAPTCHA, anti-bot checks, or regional/licensing restrictions. Avoid sending confidential, personal, regulated, or secret information in queries unless you have reviewed and accepted BrowserAct's data-handling terms.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill documentation describes capabilities involving environment variable access, network use, and file output, but no explicit permission declaration is present. That mismatch weakens transparency and user consent, making it easier for a skill to access secrets like API keys and write research output without a clear trust boundary.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The documentation explicitly claims a built-in mechanism to bypass reCAPTCHA and other human verification challenges. This is a direct anti-bot evasion capability, which can facilitate unauthorized access to services and intentional circumvention of site protections.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The skill advertises use when paywalls block extraction and promotes unrestricted access when primary access is restricted. For a web research assistant, this goes beyond normal browsing and signals intent to circumvent access controls that protect licensed or restricted content.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
Advertising the ability to break geographic or IP-based restrictions is an evasion feature unrelated to ordinary research assistance. It enables access to region-restricted resources in ways that may violate provider controls, legal requirements, or organizational policy.

Missing User Warnings

High
Confidence
96% confidence
Finding
The documentation promotes use against paywalls and geographic restrictions without a clear warning that such conduct may be unauthorized or prohibited. That omission increases the likelihood of misuse because users are encouraged toward access-control circumvention without any safety boundary.

Natural-Language Policy Violations

High
Confidence
99% confidence
Finding
Natural-language instructions claiming CAPTCHA bypass indicate the skill is positioned to evade anti-automation safeguards. In context, this is especially dangerous because it normalizes unauthorized automation against protected websites rather than handling challenges safely.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
User-provided queries and the resulting research workflow are sent to an external third-party service by default, but the CLI does not present a prominent consent or privacy warning before transmission. In a research assistant context, queries may contain sensitive business, legal, medical, or personal information, making silent third-party disclosure a real privacy and data-governance risk.

Ssd 2

High
Confidence
98% confidence
Finding
The wording around restricted access, paywalls, and blocked websites promotes evasion of access controls even without stating the exact mechanism. Such paraphrased promotion is still dangerous because it encourages using the skill to defeat protections rather than to perform legitimate research.

Ssd 2

High
Confidence
99% confidence
Finding
The feature list semantically advertises evading CAPTCHA, IP restrictions, and geofencing through indirect phrasing. These are anti-protection bypass claims, and in a research-assistant context they strongly suggest the tool is designed to overcome safeguards that websites intentionally impose.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.