中文 EN

扫描报告

扫描新文件

可信 — 风险评分 5/100
上次扫描:20 小时前 重新扫描
5 /100
Browser Automation Skills
Browser automation skills for AI models — navigate, screenshot, interact, scrape, debug, test, and record browser sessions via Chrome DevTools Protocol
Legitimate browser automation skill using Playwright/CDP. All declared tools map cleanly to documented functionality with no hidden behavior.
技能名称Browser Automation Skills
分析耗时34.4s
引擎pi
可以安装
No action needed. The skill is a standard browser automation package with well-documented capabilities.
资源类型声明权限推断权限状态证据
命令执行 WRITE WRITE ✓ 一致 allowed-tools: Bash in all SKILL.md files
文件系统 READ+WRITE READ+WRITE ✓ 一致 allowed-tools: Read + Write in all SKILL.md files
网络访问 READ READ ✓ 一致 browser.py navigates URLs via CDP; inherent to browser automation purpose
浏览器 READ+WRITE READ+WRITE ✓ 一致 Full CDP control via Playwright — navigate, click, type, screenshot, DOM read, c…
环境变量 NONE NONE No os.environ iteration; only reads BROWSER_CDP_ENDPOINT from env (line 55)
剪贴板 NONE NONE No clipboard access observed
技能调用 NONE NONE No skill-to-skill invocation

目录结构

12 文件 · 47.0 KB · 1341 行
Markdown 11f · 875L Python 1f · 466L
├─ 📁 docs
│ └─ 📝 api-reference.md Markdown 193L · 7.2 KB
├─ 📁 scripts
│ └─ 🐍 browser.py Python 466L · 16.7 KB
├─ 📁 skills
│ ├─ 📁 browser-context
│ │ └─ 📝 SKILL.md Markdown 66L · 3.1 KB
│ ├─ 📁 debug
│ │ └─ 📝 SKILL.md Markdown 64L · 1.9 KB
│ ├─ 📁 interact
│ │ └─ 📝 SKILL.md Markdown 53L · 1.8 KB
│ ├─ 📁 navigate
│ │ └─ 📝 SKILL.md Markdown 29L · 1.1 KB
│ ├─ 📁 record
│ │ └─ 📝 SKILL.md Markdown 38L · 1.3 KB
│ ├─ 📁 scrape
│ │ └─ 📝 SKILL.md Markdown 55L · 1.6 KB
│ ├─ 📁 screenshot
│ │ └─ 📝 SKILL.md Markdown 42L · 1.1 KB
│ └─ 📁 test
│ └─ 📝 SKILL.md Markdown 51L · 1.5 KB
├─ 📝 README.md Markdown 238L · 7.7 KB
└─ 📝 SKILL.md Markdown 46L · 2.0 KB

依赖分析 1 项

包名版本来源已知漏洞备注
playwright unpinned pip Version not pinned; recommend pinning to a specific version

安全亮点

✓ All allowed-tools (Bash, Read, Write) are fully documented and aligned with stated capabilities
✓ No base64-encoded execution, eval(), or obfuscation patterns found
✓ No credential harvesting — no iteration through os.environ for secrets
✓ No C2 communication, reverse shells, or data exfiltration endpoints
✓ No remote script execution (curl|bash, wget|sh)
✓ No sensitive path access (~/.ssh, ~/.aws, .env files)
✓ Playwright CDP approach is well-documented and legitimate
✓ Lock overlay mechanism is declared in both SKILL.md and browser.py docstring
✓ Visual overlay provides user-facing stop button with clear UI feedback
✓ MIT-0 license, open-source transparency