中文 EN

Scan Report

Scan New Files

Low Risk — Risk Score 5/100
Last scan:23 hr ago Rescan
5 /100
fast-browser-use
Rust-powered browser automation via Chrome DevTools Protocol
This is a legitimate Rust-based browser automation library using Chrome DevTools Protocol with no malicious behavior detected. All capabilities align with documented browser automation functionality.
Skill Namefast-browser-use
Duration59.4s
Enginepi
Safe to install
Approve for use. The evaluate tool allows arbitrary JavaScript execution in browser context, which is expected behavior for browser automation and clearly documented.
ResourceDeclaredInferredStatusEvidence
Filesystem WRITE WRITE ✓ Aligned screenshot.rs:37, annotate.rs:145 - File writes scoped to user-specified paths
Network READ READ ✓ Aligned session.rs:189 - Uses headless_chrome for HTTP requests to websites
Shell NONE NONE No subprocess/Command::new in production code
Environment NONE NONE Only requires CHROME_PATH for browser binary location
Skill Invoke NONE NONE No cross-skill invocation capabilities
Clipboard NONE NONE No clipboard access detected
Browser WRITE WRITE ✓ Aligned Full browser automation via CDP protocol
Database NONE NONE No database access
12 findings
🔗
Medium External URL 外部 URL
https://www.clawhub.ai/rknoche6/fast-browser-use
README.md:2
🔗
Medium External URL 外部 URL
https://placehold.co/800x400/1e1e1e/ffffff?text=Terminal+Demo+Coming+Soon
SKILL.md:32
🔗
Medium External URL 外部 URL
https://protected-site.com
SKILL.md:40
🔗
Medium External URL 外部 URL
https://news.ycombinator.com
SKILL.md:71
🔗
Medium External URL 外部 URL
https://www.google.com
src/tools/utils.rs:34
🔗
Medium External URL 外部 URL
https://sub.example.com
src/tools/utils.rs:53
🔗
Medium External URL 外部 URL
https://www.amazon.com
src/tools/utils.rs:60
🔗
Medium External URL 外部 URL
http://127.0.0.1
src/tools/utils.rs:67
🔗
Medium External URL 外部 URL
http://127.0.0.1:8080
src/tools/utils.rs:68
🔗
Medium External URL 外部 URL
https://iana.org/domains/example
test_state.json:6
🔗
Medium External URL 外部 URL
http://this-domain-should-not-exist-at-all-12345.com/fail
tests/debug_integration.rs:24
🔗
Medium External URL 外部 URL
https://rust-lang.org\
tests/dom_integration.rs:69

File Tree

71 files · 347.1 KB · 10702 lines
Rust 54f · 7619L JavaScript 6f · 2524L Markdown 3f · 410L TOML 2f · 87L JSON 5f · 48L YAML 1f · 14L
├─ 📁 src
│ ├─ 📁 bin
│ │ ├─ 📄 cli.rs Rust 373L · 13.1 KB
│ │ └─ 📄 mcp_server.rs Rust 203L · 7.1 KB
│ ├─ 📁 browser
│ │ ├─ 📄 config.rs Rust 136L · 3.4 KB
│ │ ├─ 📄 debug.rs Rust 16L · 355 B
│ │ ├─ 📄 mod.rs Rust 61L · 1.5 KB
│ │ └─ 📄 session.rs Rust 477L · 16.5 KB
│ ├─ 📁 dom
│ │ ├─ 📄 element.rs Rust 441L · 12.8 KB
│ │ ├─ 📜 extract_dom.js JavaScript 849L · 23.4 KB
│ │ ├─ 📄 mod.rs Rust 14L · 497 B
│ │ ├─ 📄 tree.rs Rust 296L · 9.7 KB
│ │ └─ 📄 yaml.rs Rust 149L · 4.3 KB
│ ├─ 📁 mcp
│ │ ├─ 📄 handler.rs Rust 63L · 2.0 KB
│ │ └─ 📄 mod.rs Rust 81L · 4.5 KB
│ ├─ 📁 tools
│ │ ├─ 📄 annotate.rs Rust 165L · 6.7 KB
│ │ ├─ 📄 click.rs Rust 84L · 3.0 KB
│ │ ├─ 📄 close_tab.rs Rust 45L · 1.5 KB
│ │ ├─ 📄 close.rs Rust 35L · 1.1 KB
│ │ ├─ 📜 convert_to_markdown.js JavaScript 117L · 4.2 KB
│ │ ├─ 📄 cookies.rs Rust 58L · 1.5 KB
│ │ ├─ 📄 debug.rs Rust 44L · 1.2 KB
│ │ ├─ 📄 evaluate.rs Rust 40L · 1.1 KB
│ │ ├─ 📄 extract.rs Rust 66L · 2.1 KB
│ │ ├─ 📄 go_back.rs Rust 35L · 1.0 KB
│ │ ├─ 📄 go_forward.rs Rust 35L · 1.1 KB
│ │ ├─ 📜 hover.js JavaScript 33L · 754 B
│ │ ├─ 📄 hover.rs Rust 97L · 3.6 KB
│ │ ├─ 📄 html_to_markdown.rs Rust 99L · 2.8 KB
│ │ ├─ 📄 input.rs Rust 93L · 3.1 KB
│ │ ├─ 📄 local_storage.rs Rust 159L · 4.2 KB
│ │ ├─ 📄 markdown.rs Rust 181L · 6.5 KB
│ │ ├─ 📄 mod.rs Rust 326L · 9.9 KB
│ │ ├─ 📄 navigate.rs Rust 55L · 1.4 KB
│ │ ├─ 📄 new_tab.rs Rust 60L · 1.9 KB
│ │ ├─ 📄 press_key.rs Rust 78L · 2.0 KB
│ │ ├─ 📄 read_links.rs Rust 59L · 1.8 KB
│ │ ├─ 📄 readability_script.rs Rust 8L · 367 B
│ │ ├─ 📜 Readability.min.js JavaScript 1480L · 48.7 KB
│ │ ├─ 📄 screenshot.rs Rust 47L · 1.4 KB
│ │ ├─ 📜 scroll.js JavaScript 22L · 726 B
│ │ ├─ 📄 scroll.rs Rust 95L · 3.0 KB
│ │ ├─ 📜 select.js JavaScript 23L · 607 B
│ │ ├─ 📄 select.rs Rust 129L · 4.3 KB
│ │ ├─ 📄 sitemap.rs Rust 426L · 13.5 KB
│ │ ├─ 📄 snapshot.rs Rust 324L · 10.4 KB
│ │ ├─ 📄 switch_tab.rs Rust 69L · 2.3 KB
│ │ ├─ 📄 tab_list.rs Rust 76L · 2.3 KB
│ │ ├─ 📄 utils.rs Rust 92L · 3.4 KB
│ │ └─ 📄 wait.rs Rust 53L · 1.4 KB
│ ├─ 📄 error.rs Rust 115L · 3.2 KB
│ └─ 📄 lib.rs Rust 17L · 446 B
├─ 📁 tests
│ ├─ 📄 browser_tools_integration.rs Rust 233L · 7.6 KB
│ ├─ 📄 cli_recipes_integration.rs Rust 112L · 3.5 KB
│ ├─ 📄 cookies_integration.rs Rust 56L · 2.0 KB
│ ├─ 📄 debug_integration.rs Rust 83L · 3.2 KB
│ ├─ 📄 dom_integration.rs Rust 170L · 6.0 KB
│ ├─ 📄 local_storage_integration.rs Rust 75L · 3.1 KB
│ ├─ 📄 markdown_integration.rs Rust 448L · 15.3 KB
│ ├─ 📄 navigation_integration.rs Rust 241L · 8.8 KB
│ ├─ 📄 sitemap_integration.rs Rust 326L · 11.6 KB
│ └─ 📄 tab_management_integration.rs Rust 300L · 11.3 KB
├─ 📋 _meta.json JSON 5L · 135 B
├─ 📄 Cargo.toml TOML 77L · 1.8 KB
├─ 📝 CODEBUDDY.md Markdown 142L · 5.6 KB
├─ 📋 package-lock.json JSON 28L · 686 B
├─ 📋 package.json JSON 8L · 111 B
├─ 📝 README.md Markdown 62L · 1.4 KB
├─ 📄 rustfmt.toml TOML 10L · 212 B
├─ 📝 SKILL.md Markdown 206L · 6.5 KB
├─ 📋 skills.yaml YAML 14L · 334 B
├─ 📋 test_auth.json JSON 2L · 19 B
└─ 📋 test_state.json JSON 5L · 301 B

Dependencies 4 items

PackageVersionSourceKnown VulnsNotes
headless_chrome 1.0.18 crates.io No Well-maintained CDP wrapper
rmcp 0.8 crates.io No MCP protocol implementation
tokio 1 crates.io No Async runtime
serde 1.0 crates.io No Serialization framework

Security Positives

✓ Pure Rust implementation using well-established crates (headless_chrome, tokio, serde)
✓ No obfuscation, base64-encoded payloads, or suspicious patterns
✓ No credential harvesting or environment variable enumeration
✓ All capabilities are browser automation-specific and documented in SKILL.md
✓ Comprehensive test suite present (18 integration test files)
✓ No access to sensitive host files (.ssh, .aws, .env, /etc/)
✓ No external C2 communications or data exfiltration endpoints
✓ Version pinning present in Cargo.toml dependencies