next-browser

[Skill Scanner] Natural language instruction to download and install from URL detected All findings: [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] [HIGH] data_exfiltration: Outbound data post or form upload via curl/wget detected (NW002) [AITech 8.2.3] [HIGH] data_exfiltration: Outbound data post or form upload via curl/wget detected (NW002) [AITech 8.2.3] [HIGH] data_exfiltration: Outbound data post or form upload via curl/wget detected (NW002) [AITech 8.2.3] The provided file is a legitimate-seeming integration doc for a cloud browser automation service. It does not contain direct malware or obfuscated code, but it documents powerful autonomous capabilities (persisted credentials, residential proxies, CAPTCHA solving, and automated posting/upvoting) and explicitly recommends disabling approval checks (skip_plan_approval=true). These properties create a significant abuse risk (account takeovers, sockpuppetry, large-scale automation) and mean sensitive credentials and session data will be controlled by a third party. Before provisioning API keys or storing credentials in Nextbrowser, organizations should validate Nextbrowser’s security posture (encryption, retention and deletion policies, scoped API keys, audit logs), apply least privilege, enable human approvals, and monitor for abuse. LLM verification: Functionally legitimate API documentation for Nextbrowser, but high-risk due to enabling autonomous, approval-less browser actions that can post and interact on third-party sites and because it centralizes credentials/profiles on a remote service. No direct malware or obfuscated payloads were found in the provided text, but the capability footprint is disproportionate for non-privileged helpers and can be abused. Recommend treating this skill as high-risk: require explicit per-action approval, a