Security audit
page-agent 浏览器控制(CDP)
Security checks across malware telemetry and agentic risk
Overview
This is a disclosed browser-automation skill, but it deserves review because it directs users to install an external global CLI and run it against their normal logged-in browser profile.
Install only if you trust and can independently verify the page-agent CLI release. Prefer a separate browser profile with no sensitive logins, enable remote debugging only while needed, avoid optional LLM run mode unless you understand what page data may be sent, and require explicit confirmation before posting, buying, deleting, uploading, or submitting anything.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.