Security audit

cside Site Scanner

Security checks across malware telemetry and agentic risk

Overview

This is a coherent website security scanner with expected privacy sensitivity around page screenshots and cookie/storage metadata, but no hidden install, persistence, or exfiltration behavior was found.

Install only if you want an agent-assisted website security scan. Use it on sites you own or have permission to test, and prefer a clean or unauthenticated browser profile for sensitive, payment, admin, or account pages. Do not include cookie values, tokens, or full browser storage contents in reports unless you explicitly need that deeper analysis and can handle the data safely.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill explicitly instructs extraction of all cookies plus localStorage and sessionStorage contents, which can contain sensitive authentication, tracking, or personal data. Without an explicit user warning, scope limitation, or minimization guidance, the skill may cause over-collection of browser data beyond what is necessary for a site security scan.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal