Back to skill

Security audit

Agent Browser

Security checks across malware telemetry and agentic risk

Overview

This is a browser automation skill whose sensitive features are expected for testing and debugging, but users should handle captured browser data carefully.

Install only if you need Playwright browser automation. Treat screenshots, traces, videos, console logs, request logs, persistent profiles, and saved state files as potentially sensitive because they may contain page content, cookies, tokens, personal data, or internal API details. Keep those files out of source control, restrict access, and delete them when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly recommends saving and reusing browser session state via local files such as auth.json, but it does not warn that these files can contain sensitive cookies, tokens, or other authentication artifacts. In an agent context, this increases the chance that credentials are persisted insecurely, reused across tasks, or exposed through logs, shared workspaces, or source control.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill documents screenshots, PDFs, video recording, console/error capture, and network request inspection as normal workflow features without warning that these outputs may capture sensitive page content, authentication data, personal information, or internal API details. In a browser automation skill, these collection features can easily exfiltrate or over-retain secrets if operators or downstream agents treat the outputs as harmless artifacts.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.