Trust Assessment
camoufox-stealth-browser received a trust score of 29/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 1 critical, 2 high, 2 medium, and 0 low severity. Key findings include Persistence / self-modification instructions, Potential data exfiltration: file read + network send, Arbitrary file write via screenshot/output path.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/kesslerio/camoufox-stealth-browser/scripts/camoufox-session.py:293 | |
| HIGH | Potential data exfiltration: file read + network send Function 'fetch_api' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/kesslerio/camoufox-stealth-browser/scripts/curl-api.py:103 | |
| HIGH | Arbitrary file read/write via cookie import/export paths The `camoufox-session.py` script allows users to specify arbitrary file paths for `--import-cookies` and `--export-cookies`. An attacker controlling these arguments could:
- **Import (Read)**: Attempt to read any file on the system (e.g., `/etc/shadow`) by making the script try to load it as JSON. While it might fail to parse, the content would be read, constituting data exfiltration.
- **Export (Write)**: Write sensitive session cookies to an arbitrary location, potentially overwriting system files or exposing credentials. The `profile_name` argument is sanitized, but `import_cookies` and `export_cookies` are not. Sanitize or restrict the allowed file paths for `--import-cookies` and `--export-cookies`. Ensure that these paths are within a designated, sandboxed directory, or validate them against a whitelist of allowed locations. | LLM | scripts/camoufox-session.py:130 | |
| MEDIUM | Arbitrary file write via screenshot/output path The `camoufox-fetch.py` script allows users to specify arbitrary file paths for the `--screenshot` and `--output` arguments. An attacker controlling these arguments could write files to sensitive locations on the system, potentially overwriting critical system files or injecting malicious content. This is a common vulnerability in command-line tools that accept file paths without sanitization. Sanitize or restrict the allowed file paths for `--screenshot` and `--output`. Consider writing to a designated, sandboxed directory, or validating that paths are within an allowed output directory. | LLM | scripts/camoufox-fetch.py:79 | |
| MEDIUM | Arbitrary file write via output path The `curl-api.py` script allows users to specify an arbitrary file path for the `--output` argument. An attacker controlling this argument could write response content to sensitive locations on the system, potentially overwriting critical system files or injecting malicious content. This is a common vulnerability in command-line tools that accept file paths without sanitization. Sanitize or restrict the allowed file paths for `--output`. Consider writing to a designated, sandboxed directory, or validating that paths are within an allowed output directory. | LLM | scripts/curl-api.py:100 |
Scan History
Embed Code
[](https://skillshield.io/report/b099bb5c63ceae43)
Powered by SkillShield