Back to skill

Security audit

Browser Fu

Security checks across malware telemetry and agentic risk

Overview

This instruction-only browser automation skill is coherent, but it needs review because it encourages logged-in browser profile and cookie-backed API use without tight approval boundaries.

Review before installing. Use this skill only if you are comfortable with the agent inspecting browser sessions and website API traffic. Require explicit approval before using logged-in profiles, copying cookies into commands, querying internal/authenticated APIs, or collecting data beyond the specific task you requested.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill description contains broad trigger phrases such as 'scrape website', 'browser not working', and 'automate this website' that overlap with many ordinary user requests. This can cause the skill to be invoked too often, expanding access to browser automation and API-discovery guidance in contexts where it may be unnecessary or unsafe, including high-risk scraping or authenticated-session scenarios.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly advises reusing browser session cookies for authenticated API calls without any caution about secret handling, scope limitation, logging, or user consent. Session cookies are bearer credentials; exposing, copying, or replaying them can enable account access or data retrieval beyond the user's intent, especially in an automation context that encourages direct API use behind a website UI.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.