My Browser Control

Security checks across malware telemetry and agentic risk

Overview

This skill openly does one narrow thing: opens a user-provided website in the default macOS browser.

Install this only if you want your agent to open browser pages for you. Use it with specific sites you meant to visit, and be cautious with unfamiliar, shortened, or unexpected links because the destination will load in your browser.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill metadata explicitly allows opening arbitrary websites from flexible user input such as names, partial URLs, and full URLs, but it does not describe any confirmation step, allowlist, or safety boundary. In an agent setting, this can be abused for phishing, drive-by navigation, or surprising browser actions triggered from ambiguous prompts, making the broad behavior a real security concern even though it appears intended as convenience functionality.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill description says it can open arbitrary websites in a macOS browser but does not clearly warn that invoking the skill causes an external side effect in the user's browser. Lack of disclosure increases the chance of deceptive or unintended navigation, especially when combined with agent autonomy and user prompts that may not make the browser-opening action obvious.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal