Scan Report
5 /100
agent-browser
Headless browser automation CLI optimized for AI agents with accessibility tree snapshots and ref-based element selection
Documentation-only skill describing the legitimate open-source agent-browser CLI tool by Vercel Labs; no executable code present.
Safe to install
This skill is safe to use. No security concerns identified.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No code present - documentation describes state save/load as expected browser au… |
| Network | NONE | NONE | — | No code present - network commands described as expected browser automation beha… |
| Shell | NONE | NONE | — | No code present - describes CLI commands to be executed by external agent-browse… |
| Browser | READ | READ | ✓ Aligned | SKILL.md: browser automation (open, click, fill, snapshot) |
| Environment | NONE | NONE | — | No environment variable access in skill documentation |
| Skill Invoke | NONE | NONE | — | No skill chaining described |
| Clipboard | NONE | NONE | — | No clipboard access described |
| Database | NONE | NONE | — | No database access described |
1 findings
Medium External URL 外部 URL
https://www.google.com SKILL.md:168 File Tree
2 files · 5.6 KB · 211 lines Markdown 1f · 206L
JSON 1f · 5L
├─
_meta.json
JSON
└─
SKILL.md
Markdown
Security Positives
✓ Documentation-only skill with no executable code
✓ References legitimate open-source tool (Vercel Labs agent-browser on GitHub)
✓ All described capabilities are standard browser automation features
✓ No hidden functionality or shadow behavior
✓ No credential harvesting, data exfiltration, or obfuscation patterns
✓ No base64-encoded content or suspicious string patterns
✓ No curl|bash or wget|sh remote script execution
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)