agent-browser
Audited by Socket on Mar 9, 2026
1 alert found:
Obfuscated File
The skill presents a coherent and purpose-aligned browser automation tool with a well-defined workflow. It remains within expected capabilities for a developer-focused browser testing/automation CLI. Notable concerns center on supply-chain risk due to multiple runtimes/binaries (nix, npx, native daemon), and credential/state handling (password-stdin, auth.json) which could lead to secret exposure if not properly protected. No explicit exfiltration to unknown third parties is evident in the provided data flows, but the ability to persist and reuse credentials and state requires careful secret management and access controls. Overall, the risk is MEDIUM with suspicious hints due to external binaries and credential handling patterns; no definitive malicious activity is demonstrated.