Webchat Enhancer

Security checks across malware telemetry and agentic risk

Overview

The main WebChat enhancer is mostly a local UI userscript, but its package pushes unsafe terminal install paths and includes extra debug/test scripts that go beyond the advertised feature.

Install only after reviewing the userscript source directly and prefer the GreasyFork or manual Tampermonkey path. Avoid the curl-to-bash commands, especially the bit.ly version, and do not install the debug or test userscripts unless you intentionally want local console logging and test UI injection.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (11)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill advertises a simple UI enhancement but includes shell-based installation capability without declaring that elevated behavior. Hidden or undeclared execution capability reduces user transparency and can lead to arbitrary code execution during install, especially when combined with a remote script pipeline.

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
There is a meaningful mismatch between the stated purpose and the broader observed behaviors, including opening external sites and references to debug/test userscripts that may inspect chat DOM or inject UI. When a package does more than users are told, it undermines informed consent and can conceal privacy-invasive or unsafe functionality.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
Piping a remotely fetched script directly into bash executes unreviewed code immediately on the user's machine. For a WebChat cosmetic enhancer, this is disproportionate to the stated purpose and creates a direct arbitrary code execution path if the remote content or hosting account is compromised.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The page markets a simple WebChat UI enhancement, but it prominently instructs users to run a remote shell pipeline and references opening a localhost service. That installation flow materially exceeds the stated functionality and could install arbitrary software or modify the local system, creating a supply-chain and remote-code-execution risk.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The content describes a harmless clickable-navigation enhancer, yet the instructions imply a broader local setup involving terminal execution and a localhost endpoint. This mismatch is dangerous because it can mislead users into granting far more trust and system access than the advertised feature set appears to require.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
This userscript is a standalone debugging tool that targets a local WebChat instance and inspects chat container structure, which does not align with the declared skill purpose of hover-expandable navigation and theme syncing. In a skill package, unrelated debug code increases attack surface and can expose sensitive UI state or message data through browser console logs, especially if left enabled in production.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The script logs `msg.textContent.substring(0, 60)` for chat message elements, which can disclose user conversation content to the browser console without any need tied to the stated UI-enhancement functionality. Console output may be visible to other local users, captured in debugging sessions, screenshots, log collectors, or shared during support, creating an unnecessary privacy leak.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The instructions encourage direct download-and-execute behavior without warning that the command retrieves code from the internet and runs it immediately. This materially increases the likelihood of unsafe execution by non-expert users and magnifies the impact of repository or supply-chain compromise.

Missing User Warnings

High
Confidence
99% confidence
Finding
A one-command 'curl | bash' install executes remote code directly from the network without verification, review, or pinning. Users are not warned that the command can run arbitrary shell commands with their user privileges, making compromise of the shortened URL, hosting, or downstream script highly dangerous.

External Script Fetching

Low
Category
Supply Chain
Content
## ⚡ One-Command Install

```bash
curl -sL https://raw.githubusercontent.com/yjin94606-art/webchat-enhancer/main/skills/webchat-enhancer/install.sh | bash
```

---
Confidence
95% confidence
Finding
curl -sL https://raw.githubusercontent.com/yjin94606-art/webchat-enhancer/main/skills/webchat-enhancer/install.sh | bash

Chaining Abuse

High
Category
Tool Misuse
Content
## ⚡ One-Command Install

```bash
curl -sL https://raw.githubusercontent.com/yjin94606-art/webchat-enhancer/main/skills/webchat-enhancer/install.sh | bash
```

---
Confidence
98% confidence
Finding
| bash

VirusTotal

VirusTotal findings are pending for this skill version.
