agent-browser-2

This skill manifest documents a legitimate-seeming CLI for headless browser automation; its declared capabilities (snapshots, refs, sessions, network routing, state save/load) are coherent with the stated purpose. The primary security concerns are supply-chain and credential risks: (1) the installer step downloads Chromium without specifying origin/checksum, creating a download-execute supply-chain vector; (2) state save/load exposes local authentication data which, if mishandled or if the CLI is compromised, could lead to credential theft; and (3) network routing/mocking gives the tool the ability to intercept and modify web traffic. None of the documentation indicates deliberate obfuscation or explicit data exfiltration, and there is no direct evidence of malware in the provided text. I rate this as not overtly malicious but medium risk due to supply-chain and credential exposure vectors — appropriate mitigations are to require provenance and checksums for binary downloads, restrict or encrypt saved state files, audit package postinstall scripts and dependencies, and require human approval before autonomous agent execution of powerful commands.