Scan Report
5 /100
arise-browser
Browser automation for AI agents — control Chrome via CLI commands with persistent element refs, YAML accessibility snapshots, and WebRTC live view
AriseBrowser is a legitimate browser automation skill documented entirely in Markdown with no executable code. All security considerations are clearly declared, with no hidden functionality or suspicious behavior.
Safe to install
No action required. This is a clean, well-documented browser automation skill.
Findings 1 items
| Severity | Finding | Location |
|---|---|---|
| Low | Stealth headers enable bot detection evasion Doc Mismatch | SKILL.md:1 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Browser | WRITE | WRITE | ✓ Aligned | SKILL.md:CLI commands (snap, click, type, select) control Playwright Chromium |
| Network | READ | READ | ✓ Aligned | SKILL.md:arise-browser open navigates to URLs |
| Filesystem | NONE | NONE | — | No file operations; snapshots are in-memory/stdout |
| Shell | NONE | NONE | — | No shell execution in skill documentation |
2 findings
Medium External URL 外部 URL
https://amazon.com/s?k=laptop SKILL.md:65 Medium External URL 外部 URL
https://producthunt.com references/api.md:188 File Tree
3 files · 9.2 KB · 365 lines Markdown 3f · 365L
├─
▾
references
│ └─
api.md
Markdown
├─
SKILL.md
Markdown
└─
TRUST.md
Markdown
Security Positives
✓ Documentation is comprehensive and transparent about security model
✓ No executable code present - purely declarative skill definition
✓ Localhost-only binding by default prevents remote exploitation
✓ No telemetry or external data exfiltration declared
✓ Optional ARISE_BROWSER_TOKEN authentication documented
✓ Warning about /evaluate command (arbitrary JS execution) is explicit
✓ Data persistence clearly scoped (ephemeral, cleared on restart)
✓ Open-source dependencies documented (playwright, fastify, pino)