Back to skill

Security audit

CDP浏览器大师

Security checks across malware telemetry and agentic risk

Overview

This skill asks an agent to control your logged-in browser and includes guidance for extracting and reusing session cookies without strong safety limits.

Install only if you intentionally want an agent to automate a browser profile that may already be logged in. Use a dedicated browser profile with throwaway or limited accounts, avoid extracting or storing cookies, and do not use the anti-detection or session-reuse guidance on sites where you lack explicit permission.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • YARA SignaturesMalware Match, Webshell Match, Cryptominer Match
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill explicitly targets automation through a user's already logged-in browser and advertises HttpOnly cookie retrieval, but it does not present a prominent warning that this can expose authenticated sessions and sensitive credentials. In context, that omission is dangerous because the skill is designed to operate inside trusted local browser state, which materially increases the chance of unauthorized account access or data extraction.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The instructions tell users to force-kill browser processes to enable remote debugging without clearly warning about disruption, unsaved work loss, or termination of unrelated browser/webview processes. This is risky because the skill operates on a live user browser and can cause collateral impact beyond the intended automation task.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill provides anti-detection and Cloudflare bypass guidance, including automation-evasion tactics, but omits clear warnings about legal, contractual, and policy risks. In this context, that omission increases danger because the package is purpose-built to automate authenticated browsing against defended sites and normalize bypass behavior.

Missing User Warnings

High
Confidence
98% confidence
Finding
The HttpOnly cookie retrieval section gives direct instructions for extracting highly sensitive session cookies via CDP or browser storage, but it does not provide a strong warning about credential sensitivity or session hijacking risk. Because HttpOnly cookies are specifically protected from normal page scripts, documenting how to extract them from a logged-in browser materially raises the risk of account takeover and unauthorized reuse.

Ssd 3

High
Confidence
99% confidence
Finding
This section explicitly describes retrieving both regular and HttpOnly cookies from a logged-in user's browser session, including CDP commands and browser SQLite paths. In context, that is credential-harvesting guidance: successful exploitation can enable session theft, impersonation, lateral access to web accounts, and persistence across protected services.

Ssd 3

Medium
Confidence
95% confidence
Finding
The Cloudflare bypass guidance recommends reusing a previously validated session cookie to maintain automated access after challenge completion. That facilitates persistence of authenticated or challenge-cleared sessions and can be used to evade access controls or continue unauthorized automation under a borrowed session state.

YARA rule 'info_stealer': Information stealer patterns (credential harvesting, browser data theft) [malware]

High
Category
YARA Match
Content
- **Edge被联想Vantage占用端口**:杀掉`msedgewebview2.exe`实例再启动你的Edge
- **HttpOnly Cookie**:`document.cookie`拿不到,用CDP `Network.getCookies`
- **Next.js SPA内部导航**:直接navigate到子路由404,需先入可访问页再JS点击
- **div菜单点击**:侧边栏菜单多是`<div cursor-pointer>`,不能用CDP鼠标事件,必须JS `element.click()`
- **反爬升级**:网站可能随时加强检测,定期验证自动化是否仍有效

---
Confidence
91% confidence
Finding
cookies = await edge

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.