扫描报告
5 /100
agent-browser
Headless browser automation CLI optimized for AI agents with accessibility tree snapshots and ref-based element selection
Documentation-only skill describing the legitimate open-source agent-browser CLI tool by Vercel Labs; no executable code present.
可以安装
This skill is safe to use. No security concerns identified.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | NONE | — | No code present - documentation describes state save/load as expected browser au… |
| 网络访问 | NONE | NONE | — | No code present - network commands described as expected browser automation beha… |
| 命令执行 | NONE | NONE | — | No code present - describes CLI commands to be executed by external agent-browse… |
| 浏览器 | READ | READ | ✓ 一致 | SKILL.md: browser automation (open, click, fill, snapshot) |
| 环境变量 | NONE | NONE | — | No environment variable access in skill documentation |
| 技能调用 | NONE | NONE | — | No skill chaining described |
| 剪贴板 | NONE | NONE | — | No clipboard access described |
| 数据库 | NONE | NONE | — | No database access described |
1 项发现
中危 外部 URL 外部 URL
https://www.google.com SKILL.md:168 目录结构
2 文件 · 5.6 KB · 211 行 Markdown 1f · 206L
JSON 1f · 5L
├─
_meta.json
JSON
└─
SKILL.md
Markdown
安全亮点
✓ Documentation-only skill with no executable code
✓ References legitimate open-source tool (Vercel Labs agent-browser on GitHub)
✓ All described capabilities are standard browser automation features
✓ No hidden functionality or shadow behavior
✓ No credential harvesting, data exfiltration, or obfuscation patterns
✓ No base64-encoded content or suspicious string patterns
✓ No curl|bash or wget|sh remote script execution
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)