中文 EN

Scan Report

Scan New Files

Trusted — Risk Score 5/100
Last scan:18 hr ago Rescan
5 /100
Browser Automation Skills
Browser automation skills for AI models — navigate, screenshot, interact, scrape, debug, test, and record browser sessions via Chrome DevTools Protocol
Legitimate browser automation skill using Playwright/CDP. All declared tools map cleanly to documented functionality with no hidden behavior.
Skill NameBrowser Automation Skills
Duration34.4s
Enginepi
Safe to install
No action needed. The skill is a standard browser automation package with well-documented capabilities.
ResourceDeclaredInferredStatusEvidence
Shell WRITE WRITE ✓ Aligned allowed-tools: Bash in all SKILL.md files
Filesystem READ+WRITE READ+WRITE ✓ Aligned allowed-tools: Read + Write in all SKILL.md files
Network READ READ ✓ Aligned browser.py navigates URLs via CDP; inherent to browser automation purpose
Browser READ+WRITE READ+WRITE ✓ Aligned Full CDP control via Playwright — navigate, click, type, screenshot, DOM read, c…
Environment NONE NONE No os.environ iteration; only reads BROWSER_CDP_ENDPOINT from env (line 55)
Clipboard NONE NONE No clipboard access observed
Skill Invoke NONE NONE No skill-to-skill invocation

File Tree

12 files · 47.0 KB · 1341 lines
Markdown 11f · 875L Python 1f · 466L
├─ 📁 docs
│ └─ 📝 api-reference.md Markdown 193L · 7.2 KB
├─ 📁 scripts
│ └─ 🐍 browser.py Python 466L · 16.7 KB
├─ 📁 skills
│ ├─ 📁 browser-context
│ │ └─ 📝 SKILL.md Markdown 66L · 3.1 KB
│ ├─ 📁 debug
│ │ └─ 📝 SKILL.md Markdown 64L · 1.9 KB
│ ├─ 📁 interact
│ │ └─ 📝 SKILL.md Markdown 53L · 1.8 KB
│ ├─ 📁 navigate
│ │ └─ 📝 SKILL.md Markdown 29L · 1.1 KB
│ ├─ 📁 record
│ │ └─ 📝 SKILL.md Markdown 38L · 1.3 KB
│ ├─ 📁 scrape
│ │ └─ 📝 SKILL.md Markdown 55L · 1.6 KB
│ ├─ 📁 screenshot
│ │ └─ 📝 SKILL.md Markdown 42L · 1.1 KB
│ └─ 📁 test
│ └─ 📝 SKILL.md Markdown 51L · 1.5 KB
├─ 📝 README.md Markdown 238L · 7.7 KB
└─ 📝 SKILL.md Markdown 46L · 2.0 KB

Dependencies 1 items

PackageVersionSourceKnown VulnsNotes
playwright unpinned pip No Version not pinned; recommend pinning to a specific version

Security Positives

✓ All allowed-tools (Bash, Read, Write) are fully documented and aligned with stated capabilities
✓ No base64-encoded execution, eval(), or obfuscation patterns found
✓ No credential harvesting — no iteration through os.environ for secrets
✓ No C2 communication, reverse shells, or data exfiltration endpoints
✓ No remote script execution (curl|bash, wget|sh)
✓ No sensitive path access (~/.ssh, ~/.aws, .env files)
✓ Playwright CDP approach is well-documented and legitimate
✓ Lock overlay mechanism is declared in both SKILL.md and browser.py docstring
✓ Visual overlay provides user-facing stop button with clear UI feedback
✓ MIT-0 license, open-source transparency