agent-browser

The agent-browser manifest documents a useful browser automation capability but it instructs installing and running an external CLI without pinned versions or provenance details. Primary risks are supply-chain (unverified npm install and undefined 'agent-browser install'), potential credential exposure and exfiltration when automating logins, and lack of transparency about telemetry or additional downloads. Recommended mitigations before use: pin package versions and verify checksums, audit the agent-browser package and any post-install behavior, require explicit user confirmation for any credential handling or form submissions, avoid global installs in sensitive environments, run the CLI in isolated, auditable environments (containers or VMs), and enable network egress controls/monitoring for the installed tool. The manifest itself does not show direct malicious code, but operational instructions create moderate supply-chain and data-exposure risk.