agent-browser

The skill footprint is broadly coherent with its stated purpose of browser automation for AI agents. The core risk is the installation flow that downloads and executes a remote script (curl|bash) during setup, which is a known supply-chain/vector risk even when checksum verification is claimed. Other risk vectors are moderate: potential exposure of credentials via user-provided inputs, handling of video/screenshot artifacts, and proxy configuration. Overall, the package is SUSPICIOUS to BENIGN depending on governance around the installer source; the download-and-execute pattern elevates it to a securityRisk that warrants closer review of the distribution process, source trust, and handling of sensitive artifacts.