browser-use

This skill is functionally coherent for its stated purpose (AI-driven browser automation), but it contains multiple high-risk elements for supply-chain and credential-exfiltration attacks. Key concerns: (1) it grants shell execution and filesystem access (Bash/Exec, Read/Write), (2) it shows reading and writing storage_state files that contain session credentials, (3) it recommends using third-party LLM endpoints (which will receive prompts and possibly API keys), (4) it disables browser security in examples, and (5) it enables autonomous real-world financial actions (wallet connection and transactions) without shown safeguards. These factors combined make the skill high-risk for credential harvesting and unauthorized transactions. Treat usage with strong operational controls: restrict allowed tools, require explicit per-action confirmations for any transaction, avoid disabling browser security, and only use trusted LLM endpoints with minimal credential exposure.