AgentBrowse

Security checks across malware telemetry and agentic risk

Overview

AgentBrowse is a clearly described browser-automation skill with disclosed CLI installation and expected API-key setup for AI-assisted page reading.

Install only if you trust the npm package and need browser automation. Use a dedicated API key, protect the local config file, and avoid AI-assisted observe or extract on pages containing credentials, payment details, or sensitive personal data unless that sharing is approved.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The guide instructs users to store an API key in a local config file but does not warn about persistence, file permissions, shared-machine exposure, backups, or accidental inclusion in support bundles. In a browser automation tool, that credential may grant access to AI-assisted page observation and extraction features, so silent local storage increases the chance of credential theft or misuse.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal