browser-use

[Skill Scanner] Social engineering lure: skill claims external tool is required and directs to URL for setup All findings: [CRITICAL] supply_chain: Social engineering lure: skill claims external tool is required and directs to URL for setup (SC008) [AITech 9.1.4] [CRITICAL] command_injection: Instruction directing agent to run/execute external content (CI011) [AITech 9.1.4] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] This CLI skill’s core automation features are benign for browser testing and scraping, but it exposes multiple high-risk operations that can lead to credential or data exfiltration if misused or if the cloud backend is untrusted: copying/syncing full local Chrome profiles, exporting/importing cookies, creating public tunnels, sharing live sessions, and attaching --secret metadata to cloud tasks. No explicit malicious code is visible in this document, but the documented capabilities create credible supply-chain and privacy risks. Recommend: treat profile-sync and full-cookie export as sensitive operations, restrict to domain-scoped sync only, avoid using remote mode or session-sharing with untrusted providers, and require explicit user confirmation and strong auditing/retention policies on the cloud backend. LLM verification: The skill's documentation describes legitimate browser automation features but includes several high-risk operations that facilitate credential forwarding and exposure (full Chrome profile copy, cookie export/import, public session sharing, tunnels, and passing secrets to remote tasks). There is no explicit malicious code in the provided document, but the combination of convenient credential-export commands and cloud execution primitives creates plausible exfiltration vectors if the implementati