Back to skill

Security audit

Agent Browser

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only browser automation skill; its session and cookie features are sensitive but disclosed and aligned with the stated purpose.

Install only if you trust the external agent-browser package source. Use isolated sessions or test accounts where possible, keep saved auth files out of source control and logs, restrict file permissions, and avoid dumping or changing cookies/storage on production or personal accounts unless necessary.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly documents saving and loading browser auth state, which commonly includes session cookies and local/session storage data, but provides no warning that these files are sensitive credentials. In an agent context, that omission can lead users or downstream automation to persist reusable authentication material insecurely, increasing the risk of account compromise if the files are exposed or reused across contexts.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill exposes commands to read and modify cookies and browser storage without warning that these values often contain session identifiers, CSRF tokens, PII, or other secrets. In a headless browser skill intended for AI agents, this increases the chance that sensitive data will be logged, mishandled, or altered in unsafe ways during automation workflows.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.