Skills
skills/diverta/kuroco-skills/kuroco-mng-api-browser/Gen Agent Trust Hub

kuroco-mng-api-browser

Pass

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions direct the agent to use the mcp__claude-in-chrome__javascript_tool to execute asynchronous fetch commands within the browser context. This allows the agent to interact with the Kuroco Management API (mng_api) using the user's active session cookies.
  • [EXTERNAL_DOWNLOADS]: The documentation references the official Google Chrome Web Store for the installation of the required browser extension. These references target well-known and trusted services.
  • [SAFE]: The skill is provided by the vendor (Diverta inc.) and includes explicit security guidelines. It prohibits the extraction or logging of session tokens (HttpOnly cookies) and provides strategies for the agent to filter or summarize sensitive data (such as email addresses) before returning results, thereby minimizing the risk of data leakage to the model context.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 24, 2026, 06:20 PM