agent-browser

[Skill Scanner] Installation of third-party script detected This SKILL.md describes a legitimate headless browser automation CLI. The documented capabilities (eval, cookies/storage access, state save/load, file upload, network routing) are expected for such a tool but are high-risk if used with untrusted inputs or by an untrusted agent. There is no explicit malicious behavior, obfuscation, or suspicious external installs in this fragment. Recommend treating the tool as high-privilege: only grant to trusted agents/users, audit state files (which contain session credentials), and avoid running eval or automatic flows on untrusted pages. Minor repo reference inconsistency is noted but not indicative of malware. LLM verification: The provided documentation describes a full-featured browser automation CLI whose capabilities are consistent with legitimate automation tasks but include multiple high-privilege primitives (cookie/storage access, request interception, file upload, credential setting) that materially increase risk of credential exposure or traffic manipulation if misused. No direct malicious code or obvious exfiltration is visible in the docs, but absence of implementation artifacts prevents confirming the binar