NYC

browser

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH | CREDENTIALS_UNSAFE | DATA_EXFILTRATION | COMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE] (HIGH): The scripts/start.js file includes a --profile flag that uses rsync to copy the user's entire Google Chrome profile—containing sensitive authentication cookies, saved passwords, and history—from ~/Library/Application Support/Google/Chrome/ to a cache directory for use by the automated browser. This exposes the user's active sessions to the AI agent.
  • [DATA_EXFILTRATION] (HIGH): The skill provides tools (eval.js, pick.js, screenshot.js) that can extract data from the browser. When combined with the --profile synchronization, an attacker or a malicious prompt could instruct the agent to navigate to sensitive sites (banking, email, internal tools) where the user is already logged in, extract data via JavaScript, and potentially exfiltrate it.
  • [COMMAND_EXECUTION] (MEDIUM): The scripts/eval.js script uses new AsyncFunction to execute arbitrary strings as JavaScript code within the browser context. While this is the intended purpose of the tool, it provides a direct execution vector for any instructions passed to the agent.
  • [COMMAND_EXECUTION] (MEDIUM): Several scripts (start.js) use execSync and spawn to run system commands such as killall, mkdir, and rsync. The rsync command specifically targets sensitive home directory paths.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 05:09 PM