anti-detect-browser
Fail
Audited by Snyk on Mar 18, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The prompt includes multiple code/config examples that embed API keys, proxy credentials, and Authorization headers as literal values (e.g., key: 'your-api-key', proxy URLs with user:pass, env vars with ANTI_DETECT_BROWSER_KEY), which would require the LLM to place secret values verbatim into generated commands or code—creating an exfiltration risk.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). The content describes a tool explicitly designed to evade detection and facilitate multi-account abuse (anti-detect fingerprints, profile persistence, proxy rotation, fingerprint rotation), provides remote-control capabilities for AI agents (MCP server/tools like evaluate/navigate), and includes features that can leak/expose sensitive session data (shareable live-view URLs, downloadable fingerprint/profile data), all of which are high-risk enablers of deliberate abuse (fraud, account takeover, large-scale scraping, credential/session exfiltration) even though no hidden obfuscated backdoor or direct remote-exec payload is present in the text.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly shows MCP server mode and tool calls (e.g., navigate, get_content) plus examples like "Scraping with fingerprint rotation" and visiting arbitrary URLs (twitter, shop.example.com, urlsToScrape) where the agent fetches and evaluates public webpage text, so untrusted third-party web content can be read and influence subsequent actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The MCP server config runs "npx anti-detect-browser --mcp", which at runtime fetches and executes the anti-detect-browser package from the npm registry (e.g. https://registry.npmjs.org/anti-detect-browser), creating a clear remote-code-execution dependency.
Issues (4)
- W007 (HIGH): Insecure credential handling detected in skill instructions.
- E006 (CRITICAL): Malicious code pattern detected in skill scripts.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata