Browser History

Security checks across malware telemetry and agentic risk

Overview

This skill is an instruction-only Chrome history helper, but it targets a named person's private browsing history and includes stealth-prone browser controls.

Only install this if you are authorized to inspect that Chrome profile. Use narrow searches, avoid dumping recent or most-visited history unless truly needed, do not use the Chrome hiding command, sanitize search terms before putting them into SQL, and delete any /tmp history copy after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The skill's stated purpose is searching Chrome history, but it also includes commands to open arbitrary URLs in Chrome and hide/minimize the browser via AppleScript. Those extra capabilities are unrelated to passive history lookup and enable covert browser manipulation, which could be used to conceal activity from the user while accessing or acting on sensitive browsing data.

Intent-Code Divergence

Medium
Confidence: 94%
Finding
The skill is presented as a simple history-search utility, but the embedded instructions expand its scope into active browser manipulation. This mismatch is dangerous because it disguises broader, more invasive behavior under a benign description, increasing the chance of unauthorized or covert use.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill directly targets a named person's Chrome history and provides instructions to retrieve visited URLs without any warning that browser history is sensitive personal data. Omitting a privacy warning lowers friction for misuse and normalizes access to potentially confidential, identifying, or intimate browsing activity.

Ssd 3

High
Confidence: 98%
Finding
The skill explicitly instructs the operator to search and disclose a named individual's Chrome browsing history, including URLs, videos, and sites visited. This is a direct privacy-invasive capability that can expose sensitive personal behavior, accounts, interests, and work context, making it dangerous even without further exploitation.

Ssd 4

Medium
Confidence: 97%
Finding
The skill provides an operational sequence for working around file locks by copying the Chrome History database and then includes steps to open URLs and hide Chrome. Together, these instructions facilitate covert access to private browsing data and reduce the likelihood that the user notices the activity, which materially increases abuse potential.

VirusTotal

64/64 vendors flagged this skill as clean.
