Browser Proof

Security checks across malware telemetry and agentic risk

Overview

Browser Proof is a local browser-QA reporting helper that creates evidence manifests and reports, with no hidden network, credential, installer, or background behavior found.

Use this only for browser QA evidence you intend to save locally. Before sharing the generated manifest, report, screenshots, DOM dumps, console logs, network logs, or videos, review and redact secrets, cookies, tokens, private URLs, account data, and personal information.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 88% confidence
Finding: The skill invokes local Python scripts that read and write files, but the manifest does not declare those capabilities as permissions. This creates a transparency and trust problem: a user or platform may invoke the skill without realizing it can modify manifests and reports on disk, increasing the chance of unintended file access or tampering within the agent workspace.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: This skill is designed to collect screenshots, DOM dumps, console logs, network logs, and reports for external sharing, all of which can easily contain sensitive data such as PII, session details, internal URLs, or tokens. Although the bundle rules say not to store secrets, the user-facing description does not prominently warn users to review and sanitize evidence before sharing, making accidental data leakage more likely.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal