browser-use
Warn
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The `browser_engine.py` script contains `_run_cmd` and `_pip_install` functions that utilize `subprocess.check_call` to execute shell commands and install Python packages. This is used for environment setup, such as installing Playwright, Patchright, and Camoufox binaries.
- [REMOTE_CODE_EXECUTION]: The `evaluate` action in `actions.py` allows the agent to execute arbitrary JavaScript code within the browser context. While gated by an environment variable (`BROWSER_USE_EVALUATE`), this provides a powerful mechanism for page manipulation and data extraction.
- [EXTERNAL_DOWNLOADS]: The skill automatically downloads browser binaries (Chromium, Firefox, and the specialized CloakBrowser) and third-party Python packages from PyPI and GitHub during initialization or when specific stealth tiers are activated.
- [CREDENTIALS_UNSAFE]: The skill manages persistent browser identities, saving cookies, localStorage, and a `credentials.json` file within the user's home directory (`~/.browser-use/profiles`). It implements a "dual-mode" injection system to automatically fill secrets into web forms.
- [DATA_EXFILTRATION]: Actions such as `cookies_export`, `storage_get`, and `extract` (HTML to Markdown conversion) provide built-in mechanisms for retrieving and exporting sensitive session data from the browser to the local filesystem or agent context.
Audit Metadata