Back to skill

Security audit

podman-browser

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it runs a temporary containerized browser to fetch web pages, with normal browser-network and isolation cautions.

Install this only if you are comfortable with the agent launching Podman containers and making real web requests. Treat fetched page content as untrusted, avoid sensitive internal or authenticated URLs unless deliberate, and consider stronger isolation or pre-pinned dependencies for high-security environments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly instructs users to fetch arbitrary URLs with a headless browser, which will generate outbound requests to third-party sites and disclose the user's IP address and related network metadata. Because the documentation presents this as routine usage without a clear privacy/security warning, users may unknowingly contact untrusted sites or internal URLs, increasing exposure during scraping tasks.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This script accepts an arbitrary URL from the command line and automatically loads it in a headless browser, causing outbound network requests without any user-facing warning, restriction, or validation. In an agent/skill context, this can be abused to make requests to attacker-controlled sites or internal endpoints, creating SSRF-style access, network probing, or unintended disclosure through fetched content.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
browse.js:130