remote-browser

[Skill Scanner] Instruction directing agent to run/execute external content This skill is functionally coherent for its stated goal (remote cloud browser automation) and does not contain code-level obfuscation or direct malware indicators. However it exposes multiple high-risk capabilities — arbitrary JS eval, persistent Python REPL, creation of public session share URLs, and tunnels that expose local servers — and accepts '--secret' metadata which transmits arbitrary secrets to the remote cloud. Those features make accidental or intentional credential/data exfiltration feasible if the cloud provider, task logs, or shared URLs are compromised or misused. Recommendation: treat as SUSPICIOUS for sensitive workflows — only use with trusted provider, avoid sending secrets or exposing sensitive local services, and enforce strict access/retention controls on sessions and task logs. LLM verification: This skill's documented purpose (remote browser automation) matches most of its capabilities. However, it exposes several high-risk primitives — arbitrary JS eval, remote Python execution, cookie import/export, and an asynchronous 'run' task facility — that permit credential harvesting and data exfiltration if misused or if the underlying 'browser-use' service is untrusted. The documentation omits concrete information about where the remote browser provider runs and how data is protected in tran