Super Browser

Security checks across malware telemetry and agentic risk

Overview

This is a coherent browser automation skill, but it gives broad control over a real logged-in Chrome session without enough user-safety boundaries.

Install only if you trust the npm package and are comfortable letting it control a real Chrome session. Prefer a separate Chrome profile or test account, confirm every upload, form submission, purchase, post, or other account-changing action, avoid sensitive sites during network inspection, and stop the daemon or CDP-enabled browser when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill explicitly encourages reuse of an existing logged-in Chrome session, browser-side network inspection, file uploads, and navigation of real sites, but it does not warn about exposure of cookies, authenticated content, personal data, or account actions. In an agent setting, this can lead users or downstream systems to invoke powerful browser automation against sensitive sessions without informed consent or guardrails, increasing the risk of privacy breaches and unintended account activity.

VirusTotal

VirusTotal findings are pending for this skill version.
