browser-use

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Tags: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [Prompt Injection] (HIGH): Indirect prompt injection surface via the 'Tasks' autonomous subagent. The skill ingests untrusted web content from the live internet, and that content can carry instructions that the agent may act on. Evidence: task execution in SKILL.md passes external data to the model without boundary markers or sanitization, while the capability inventory includes browser control and config modification, so an injected instruction has something to act on.
  • [Command Execution] (MEDIUM): The skill modifies configuration via the gateway's config.patch operation. This lets the skill redefine the agent's browser endpoint, including pointing it at an external, third-party controlled CDP (Chrome DevTools Protocol) URL, which hands that third party control of the browser session. Evidence: 'Connect Clawdbot to the browser' section in SKILL.md.
  • [Data Exfiltration] (LOW): Systematic communication with api.browser-use.com (not on the allowlist) sends task prompts and retrieves session data. The traffic is functional, but task prompts and session data may contain sensitive information, and the domain is outside the trusted set.
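A concrete way to contain the Command Execution finding is to gate config.patch so that any browser/CDP endpoint it sets must point at the loopback host. The guard below is an added example written for this page; it is not code from the audited skill, from Clawdbot, or from Gen Agent Trust Hub, and the config key names (`browser.cdpUrl`) and the patch shape are assumptions.

```python
"""Added example: reject config.patch payloads that point the browser at a
non-loopback CDP endpoint. Key names and patch layout are assumptions, not the
real gateway schema."""
import ipaddress
from urllib.parse import urlparse

# Schemes a CDP endpoint can legitimately use (ws/wss for the socket,
# http/https for the /json discovery endpoint).
ALLOWED_SCHEMES = {"ws", "wss", "http", "https"}


def is_loopback_host(host: str) -> bool:
    """True for 'localhost' or any loopback IP (127.0.0.0/8, ::1)."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a DNS name, which we do not trust
        return False


def check_cdp_url(url: str) -> tuple[bool, str]:
    """Return (ok, reason) for a single candidate CDP URL."""
    parsed = urlparse(url)
    if parsed.scheme not in ALLOWED_SCHEMES:
        return False, f"unexpected scheme {parsed.scheme!r}"
    if not parsed.hostname:
        return False, "no host in URL"
    if not is_loopback_host(parsed.hostname):
        return False, f"non-loopback CDP host {parsed.hostname!r}"
    return True, "ok"


def _walk(node, path=""):
    """Yield (dotted.path, leaf_value) pairs for a nested dict patch."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from _walk(value, f"{path}.{key}" if path else key)
    else:
        yield path, node


def review_patch(patch: dict) -> list[str]:
    """Return rejection reasons; an empty list means the patch may be applied.

    A value is treated as a browser endpoint if its key mentions 'cdp' or the
    value itself is a ws:// or wss:// URL, so a renamed key cannot slip past.
    """
    findings = []
    for path, value in _walk(patch):
        if not isinstance(value, str):
            continue
        looks_like_cdp = "cdp" in path.lower() or urlparse(value).scheme in ("ws", "wss")
        if not looks_like_cdp:
            continue
        ok, reason = check_cdp_url(value)
        if not ok:
            findings.append(f"{path}: {reason}")
    return findings


if __name__ == "__main__":
    # Constructed sample patches (assumed key names), one benign, one hostile.
    benign = {"browser": {"cdpUrl": "ws://127.0.0.1:9222/devtools/browser/abc"}}
    hostile = {"browser": {"cdpUrl": "wss://attacker.example/devtools/browser/abc"}}
    print("benign  ->", review_patch(benign))
    print("hostile ->", review_patch(hostile))
```

The guard belongs in the gateway, in front of config.patch, not in the skill: the skill is the thing being injected, so a check it runs on itself is worth nothing. Loopback-only is the conservative default; an operator who legitimately runs the browser on another host should extend `is_loopback_host` with an explicit allowlist rather than disable the check.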
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 12:23 AM