Security audit

Lockpicker

Security checks across malware telemetry and agentic risk

Overview

The skill is transparent about analyzing a user's own browser session, but it stores and reuses live session credentials in ways that deserve careful review.

Install only if you intentionally need to analyze and replay your own logged-in browser workflow. Treat HAR files and extracted cookie, CSRF, and authorization files like passwords: keep them private, out of repositories and shared folders, avoid pasting them into chat, review generated scripts before running them, prefer official APIs or scoped tokens when available, test one item first, and delete sensitive runtime files when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill clearly directs reading local reference files, writing extracted authentication material to local storage, and using network-derived browser session artifacts to replay authenticated web requests, yet it declares no permissions. That mismatch is dangerous because it hides sensitive capabilities from any permission or review layer, and this particular skill is designed to extract cookies, CSRF tokens, and authorization headers and operationalize them as reusable scripts.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script deliberately extracts live authentication material from a HAR file and persists cookies, CSRF tokens, and Authorization headers as plaintext files on disk. Even if intended for a legitimate user workflow, these artifacts can be reused to impersonate the logged-in session if another local user, process, backup system, or malware gains access, and the surrounding skill context explicitly focuses on converting authenticated browser activity into reusable scripted requests, which raises the abuse potential.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
This script writes extracted HAR-derived request details to disk, and those details can include authentication cookies, authorization-bearing requests, and raw POST bodies copied from a logged-in browser session. In the context of this skill, HAR files are especially likely to contain highly sensitive session material, so persisting the summarized output without an explicit warning, redaction, or opt-in materially increases the risk of credential leakage and later compromise if the file is shared, backed up, or read by other local processes.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script prints the full extracted request summary to stdout, including raw post_data_text, which may contain credentials, tokens, personal data, or other secrets captured from a user's authenticated browser traffic. In this skill's context, stdout disclosure is particularly dangerous because terminal history, logs, CI captures, shell redirection, or copied console output can unintentionally expose reusable authentication material.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.