Token Efficient Web Operations en

Security checks across malware telemetry and agentic risk

Overview

This skill is a clearly disclosed browser UI automation/testing helper, but it should only be used with non-sensitive test pages and a reviewed browser extension.

Install only if you need browser UI automation testing. Use a separate browser profile with test accounts, review the external Chrome extension before loading it, and avoid private, financial, login, payment, medical, government, or business-sensitive pages.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

External Transmission

Medium

Category: Data Exfiltration
Content: 1. **Extension Level**: - ✅ Page JS Extension runs entirely in browser locally - ✅ Does not proactively send data to external servers - ✅ Data stored in memory, cleared when page closes 2. **Agent Level**:
Confidence: 82% confidence
Finding: send data to external

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal