analyzing-browser-forensics-with-hindsight
Analyze Chromium-based browser artifacts using Hindsight to extract browsing history, downloads, cookies, cached content, autofill data, saved passwords, and browser extensions from Chrome, Edge, Brave, and Opera for forensic investigation.
69
62%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Critical
Do not install without reviewing
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/analyzing-browser-forensics-with-hindsight/SKILL.mdSecurity
2 findings — 1 critical severity, 1 high severity. Installing this skill is not recommended: please review these findings carefully if you do intend to do so.
E005: Suspicious download URL detected in skill instructions
What this means
Detected a suspicious URL in the skill instructions that could lead the agent to download and execute malicious scripts or binaries. This includes links to executables from untrusted sources, typosquatting of official packages, URL shorteners that obscure the destination, and personal file hosting services.
Why it was flagged
Suspicious download URL detected (high risk: 0.85). The list mixes legitimate developer/documentation links (GitHub, Medium, Chromium) with multiple high‑risk indicators — a direct .exe on a suspicious CDN, phishing/typosquat domains, raw Pastebin, and personal/cloud file‑sharing links (Google Drive, MEGA, transfer.sh) which are common vectors for distributing malware, so overall the set should be treated as suspicious.
W007: Insecure credential handling detected in skill instructions
What this means
The skill handles credentials insecurely by requiring the agent to include secret values verbatim in its generated output. This exposes credentials in the agent’s context and conversation history, creating a risk of data exfiltration.
Why it was flagged
Insecure credential handling detected (high risk: 1.00). The skill instructs extracting cookies, login data, and session tokens from browser profiles and its example output includes session/auth token entries, which requires the agent to read and potentially output secret values verbatim (high exfiltration risk).
- Repository
- mukul975/Anthropic-Cybersecurity-Skills
- Commit
888bbe4
- Audited
- Security analysis
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.