Agent Browser Tianjin

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate browser automation skill, but it gives agents broad control over authenticated web sessions and saved session files without enough safety guidance.

Install only if you need agent-driven browser automation and trust the external agent-browser package. Use isolated browser sessions, avoid high-value logged-in accounts, treat saved state files and captured media as secrets, delete them after use, and require explicit confirmation before submissions, uploads, purchases, posts, deletions, or account changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill explicitly documents saving and loading browser session state, which commonly includes cookies and authentication tokens, but provides no warning that these artifacts are sensitive secrets. In an agent context, this can lead to credential/session leakage through insecure storage, accidental reuse across tasks, or exfiltration of persistent authenticated state.

VirusTotal

59/59 vendors flagged this skill as clean.