agent-browser

The agent-browser manifest describes legitimate browser automation functionality with typical input/output and state-persistence features. While the intended use is benign, the combination of credentials in auth.json, cookies/localStorage, and environment-supplied encryption keys creates meaningful at-rest and access-control risks. Appropriate safeguards—such as strict file permissions, encryption key management, least-privilege execution, and auditable session handling—are essential for secure deployment. Overall, the design is sound for its purpose but warrants rigorous operational security controls.