browser

No direct malware or exfiltration logic is demonstrated in this fragment; it is documentation for a powerful browser automation CLI. However, it explicitly exposes high-risk primitives—especially caller-controlled arbitrary JavaScript execution in a page context, alongside credential entry, DOM inspection, and screenshot capture. Treat the associated MCP/tabz capability surface as elevated risk and ensure strict authorization, auditing, and restrictions around selector/value/script inputs before use in any untrusted or multi-tenant context.