Back to skill

Security audit

Agent Vision Scraper

Security checks across malware telemetry and agentic risk

Overview

This skill openly automates stealth web scraping, CAPTCHA solving, and credentialed login flows, so it should go to Review before users install it.

Install only for authorized testing or automation on systems you own or have explicit permission to test. Do not use it to bypass third-party anti-bot protections or CAPTCHAs. Before running it, inspect or obtain the missing Dockerfile, avoid passing real credentials in command arguments, restrict any API keys, assume screenshots may leave your machine, and disable or secure VNC instead of exposing port 5900 without a password.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (11)

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The code explicitly instructs the agent to detect, analyze, and solve visual CAPTCHAs, then continue operating after anti-bot checks. CAPTCHA solving is an anti-abuse bypass capability rather than ordinary scraping functionality, and in this file it is paired with automation-evasion behavior, making the intended use highly suspicious.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The script loads a stealth plugin and disables browser automation indicators to reduce detection by target sites. These are classic anti-detection measures that facilitate unauthorized scraping or abuse by making automation harder for defenders to identify.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README states that screenshots are sent to an LLM for visual analysis but does not clearly warn that page contents, potentially including sensitive user data, credentials, or internal information, may be transmitted to third-party model providers. In a browser automation tool, this omission can cause operators to unknowingly expose confidential data outside their environment.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The examples promote automated login and data scraping, including credential entry, without warning about secure credential handling, authorization requirements, or privacy implications for scraped data. This can normalize unsafe use and increase the likelihood of credential leakage, unauthorized access, or collection of personal data.

Missing User Warnings

High
Confidence
98% confidence
Finding
The script automates CAPTCHA solving without any explicit warning, user confirmation, or authorization check. This is dangerous because it silently enables bypass of anti-bot protections that many services rely on to prevent abuse, fraud, and unauthorized access.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The example explicitly demonstrates using credentials to log into a third-party site via automated browser control, but the skill provides no warning about authorization, account ownership, or terms-of-service implications. In the context of a scraping/login automation skill, omitting those guardrails increases the likelihood of misuse for unauthorized account access or credentialed automation against external services.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill advertises stealth scraping and AI-based CAPTCHA solving specifically to bypass anti-bot and challenge mechanisms, without any warning or restriction around third-party impact. Because CAPTCHA and bot-detection controls are defensive barriers, documenting their circumvention as a feature materially increases the risk of abusive scraping, unauthorized automation, and evasion of service protections.

Ssd 4

High
Confidence
97% confidence
Finding
The README explicitly advertises CAPTCHA bypass, stealth anti-bot evasion, and automated scraping as core features, framing harmful access-enabling behaviors as normal functionality. In this context, the documentation increases operational misuse risk by instructing users toward evasion of access controls rather than legitimate automation alone.

Ssd 4

High
Confidence
98% confidence
Finding
The example provides a concrete harmful access sequence: detect and solve a CAPTCHA, enter credentials, and submit a login. This is dangerous because it operationalizes bypass of a defensive control and directly facilitates unauthorized account access when pointed at real targets.

Ssd 1

High
Confidence
99% confidence
Finding
The system-level prompt explicitly tells the agent to use vision capabilities to interpret CAPTCHA challenges, click or fill the required responses, and continue after passing the challenge. Embedding anti-bot bypass instructions at the highest instruction level strongly increases risk because it steers the autonomous agent toward defeating access controls by design.

Ssd 4

High
Confidence
99% confidence
Finding
The workflow explicitly instructs the agent to run stealth browser automation, detect a CAPTCHA, solve it using vision, and submit it together with credentials to log into a site. In this context, the skill is not merely browser automation; it operationalizes evasion of anti-bot controls and automated account access, which can facilitate unauthorized intrusion, scraping at scale, and abuse of protected services.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.