automating-browser
Audited by Socket on Mar 6, 2026
1 alert found:
Obfuscated File

The install.sh script is not itself malicious: it contains no obfuscated code, no hard-coded secrets, and no direct network calls other than invoking standard tooling (npm and the installed CLI). However, it performs an unpinned, unauthenticated installation from the npm registry and then executes the installed package, which creates a supply-chain risk. If the agent-browser package or any of its transitive dependencies are compromised or intentionally malicious, running this script can lead to arbitrary code execution, data exfiltration, or system modification.

Mitigations: pin package versions, verify package signatures/checksums where possible, audit the agent-browser npm package and its dependencies, run installation in a sandboxed environment (container/VM), and review what `agent-browser install` does before running in production.