stealth-browser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill asks the user to supply CAPTCHA API keys and proxy credentials and includes examples that embed plaintext secrets (e.g., proxy URLs, API keys, and a hardcoded password), which would require the agent to accept and/or output secret values verbatim—an exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The package is explicitly built to evade detection and bypass protections (Cloudflare, CAPTCHAs), automate logins, persist sessions and rotate proxies — highly dual-use and readily enables account takeover, scraping of protected content, and abuse of online services; I found no obfuscated backdoor, remote shell, or covert exfiltration, but the intentional anti-detection and automated credential/session persistence behaviors present a high abuse risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill autonomously opens and interacts with arbitrary public websites (e.g., page.get(url) in scripts/stealth_session.py, cf_bypass.py, smart_login.py and the SKILL.md "Open Stealth Page" / "When user asks to login to any website" workflow), ingests their HTML/cookies/localStorage, and makes decisions (switching headed/headless, form-filling, CAPTCHA injection, session saving) based on that untrusted third-party content—allowing indirect prompt-injection-like influence on agent actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs bypassing security mechanisms (e.g., launching browsers with --no-sandbox), running persistent containers, and storing secrets/sessions on the host, which encourages compromising the machine's security state.