Back to skill

Security audit

Scrapfly Browser

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly coherent documentation for Scrapfly browser automation, but it includes under-scoped instructions to install and run an internal-network proxy connector via an unverifiable shell one-liner.

Install only if you trust Scrapfly and intentionally need this browser/proxy capability. Treat the BYOP connector as sensitive internal infrastructure: avoid the one-line shell install unless you can verify the installer and binary, use least-privilege hosts, document approval for internal or PHI workflows, and revoke API keys or connector certificates when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The BYOP section expands the skill from remote browser automation into installing and running a local network connector inside the customer's environment. That materially increases trust and attack surface because it enables traffic routing through an internal host and includes operational guidance for a binary that could access allow-listed portals, internal apps, or sensitive environments.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation shows the API key embedded directly in the WebSocket URL, which increases the chance of credential disclosure through logs, copied examples, browser history equivalents, telemetry, screenshots, or error reporting. In this skill's context, the key grants access to a remote browser/proxy service, so exposure can lead to unauthorized usage, billing abuse, or misuse of proxy-backed automation.

Missing User Warnings

High
Confidence
99% confidence
Finding
The skill instructs users to pipe a remotely fetched script directly into the shell, which is a classic arbitrary code execution pattern with no integrity verification or warning. In context this is especially dangerous because it installs software inside the customer's network and could be abused to execute attacker-controlled code on a trusted internal machine.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.