agent-browser
Audited by Socket on Feb 17, 2026
1 alert found:
Malware [Skill Scanner] Installation of third-party script detected

All findings:
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]

The document is a coherent, feature-rich guide for a browser automation CLI. It contains legitimate and expected capabilities for such a tool, but also several high-risk features (arbitrary JS eval in page context, session save/load to disk, explicit guidance to reuse an existing CDP/browser instance, and base64-encoded eval payloads). These capabilities can be abused to harvest credentials, exfiltrate sensitive data, or operate within the user's authenticated browser sessions. I did not find explicit malicious code or embedded exfiltration endpoints in the provided text, but the documented features require strict runtime controls: restrict eval usage, require explicit user consent before connecting to existing browsers or loading session state, encrypt and protect saved states, and log/inspect eval payloads where feasible. Treat this package as high-privilege tooling that must be sandboxed and audited before use.

LLM verification: Overall, the skill’s described purpose and capabilities are coherent for browser automation, but there are moderate supply-chain and execution-trust concerns highlighted by static analysis. The main actionable items are to (a) clarify and restrict build/install provenance and signing, (b) confirm that shell-like patterns in docs cannot be inadvertently executed by automation agents, and (c) define explicit data-flow boundaries for state persistence and telemetry. If these safeguards are in place