agent-browser

[Skill Scanner] [Documentation context] Natural language instruction to install third-party software This SKILL.md documents a legitimate-looking browser automation CLI with powerful capabilities that are coherent with its stated purpose. However, several high-impact features (session state save/load, file upload, network request interception, and broad agent execution rights via Bash(agent-browser:*)) are risk-amplifying in an AI agent context and could be abused to capture or exfiltrate credentials and sensitive data. No direct evidence of malware in the document, but the supply-chain install step and the broad permissions justify treating this skill as suspicious/vulnerable and applying tighter controls and audits before use. LLM verification: [LLM Escalated] The documented skill (SKILL.md) describes a capable browser automation CLI whose features are consistent with its purpose. I found no direct evidence of obfuscated or malicious code in this documentation artifact, but multiple high-privilege features (arbitrary JS eval, network interception, file upload, and saving session state to disk) create straightforward channels for credential exposure and data exfiltration if a malicious agent, untrusted script, or compromised package is involved. Treat