Back to skill

Security audit

PinchTab Browser Ops

Security checks across malware telemetry and agentic risk

Overview

This is a coherent browser-automation skill, but it can act inside logged-in browser sessions and create account drafts, so users should review it before installing.

Install only if you are comfortable letting an agent control a browser profile that may already be logged into websites. Use a dedicated browser profile when possible, verify the PinchTab CLI separately, handle login and 2FA manually, and require explicit confirmation before submissions, saved drafts, purchases, account changes, public posts, or eval use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill description is overly broad and can activate for generic website use, content collection, or publishing tasks without tight boundaries on authorization, data sensitivity, or user intent. In a browser-automation skill, broad triggering is risky because it can cause the agent to take real-world actions on third-party sites or collect content in situations where a narrower, explicitly user-approved tool should be required.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly automates creation of Xiaohongshu content and defaults to saving a visible draft in the user's logged-in account, but it does not clearly foreground that account state will be modified by default before execution. In an agent setting, this can surprise users, create unintended drafts under their identity, and increase the chance of unauthorized or accidental account actions if the workflow is triggered without explicit consent.

Natural-Language Policy Violations

Medium
Confidence
84% confidence
Finding
The skill is specialized for Xiaohongshu posting and is written in Chinese, but the embedded defaults and workflow imply Chinese-language output conventions without clearly presenting language choice as a user-controlled option. This is lower severity than direct account modification, but it can still cause unintended content generation, mismatched user expectations, or accidental publication/drafting in the wrong language or tone.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.