claude-browser

The claude-browser skill provides powerful, legitimate browser automation for use in a user's real authenticated session. That same design grants broad access to sensitive artifacts (cookies, console logs, network data) and capabilities to act on behalf of the user, which elevates the security risk. There is no direct evidence of malware or obfuscation in the provided content, but the feature set is high-risk by intent and requires strict operational safeguards (explicit consent, whitelisted upload endpoints, limited privilege for inspection and execution). Treat this package as sensitive: review and harden upload/telemetry flows, enforce per-action confirmation, and restrict access to environments where users and administrators trust the extension and back-end services.