browse
Audited by Gen Agent Trust Hub on Feb 12, 2026
================================================================================
🟡 VERDICT: MEDIUM
This skill presents a MEDIUM risk primarily due to its reliance on unverified external dependencies and the execution of powerful commands from an untrusted source. While the skill's stated purpose is legitimate browser automation, the lack of trust in its underlying binaries and packages introduces potential vulnerabilities.
Total Findings: 4
🟡 MEDIUM Findings:
• Unverifiable Dependencies
- All skill files: The skill heavily relies on pnpm dlx @browserbasehq/sdk-functions init, pnpm install, pnpm bb dev, and pnpm bb publish commands. These commands download and execute code from the @browserbasehq organization, which is not listed as a trusted external source. This means the integrity and security of the downloaded code cannot be guaranteed at analysis time. Any malicious code within these dependencies could compromise the agent or its environment.
• Command Execution
- All skill files: The skill instructs the agent to execute numerous stagehand CLI commands, including stagehand eval <javascript_code>. The stagehand CLI is an external binary from an untrusted source. The stagehand eval command allows for arbitrary JavaScript execution within the browser context, which is a powerful capability. If the agent is manipulated to execute malicious JavaScript via this command, it could lead to data theft, further compromise, or other unintended actions.
🔵 LOW Findings:
• Data Exfiltration (Intended Use)
- SKILL.md, skills/functions/SKILL.md: The skill instructs the agent to use BROWSERBASE_API_KEY in curl commands to https://api.browserbase.com. It also shows how to store this key in local .env files or ~/.stagehand/config.json. While this involves sending a credential over the network, it is explicitly for interacting with the intended Browserbase service. The skill also explicitly advises against storing user credentials for login forms, indicating a general awareness of credential security. This is considered low risk as it's the intended functionality for the service.
ℹ️ TRUSTED SOURCE References:
• No trusted external sources were identified in this skill. All external dependencies are from browserbasehq, which is not on the trusted list.
================================================================================