Back to skill

Security audit

Remote Browser Service

Security checks across malware telemetry and agentic risk

Overview

This is a documented remote-browser automation skill with sensitive session persistence, but the behavior is purpose-aligned and disclosed in the artifact.

Install only if you are comfortable using rb.all-completed.com as a remote browser backend. Prefer ephemeral sessions or delete stored sessions after sensitive work, and avoid leaving logged-in profiles stored unless you intend future agents to reuse them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly documents that stored sessions persist the whole browser profile, including cookies, storage, IndexedDB, Service Workers, and cache, but the top-level description does not clearly warn users that sensitive authenticated state may survive across sessions. In a remote-browser tool, this omission increases the risk of users or downstream agents unintentionally reusing privileged sessions, exposing accounts or personal data through restored state.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.