扫描报告
5 /100
arise-browser
Browser automation for AI agents — control Chrome via CLI commands with persistent element refs, YAML accessibility snapshots, and WebRTC live view
AriseBrowser is a legitimate browser automation skill documented entirely in Markdown with no executable code. All security considerations are clearly declared, with no hidden functionality or suspicious behavior.
可以安装
No action required. This is a clean, well-documented browser automation skill.
安全发现 1 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 低危 | Stealth headers enable bot detection evasion 文档欺骗 | SKILL.md:1 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 浏览器 | WRITE | WRITE | ✓ 一致 | SKILL.md:CLI commands (snap, click, type, select) control Playwright Chromium |
| 网络访问 | READ | READ | ✓ 一致 | SKILL.md:arise-browser open navigates to URLs |
| 文件系统 | NONE | NONE | — | No file operations; snapshots are in-memory/stdout |
| 命令执行 | NONE | NONE | — | No shell execution in skill documentation |
2 项发现
中危 外部 URL 外部 URL
https://amazon.com/s?k=laptop SKILL.md:65 中危 外部 URL 外部 URL
https://producthunt.com references/api.md:188 目录结构
3 文件 · 9.2 KB · 365 行 Markdown 3f · 365L
├─
▾
references
│ └─
api.md
Markdown
├─
SKILL.md
Markdown
└─
TRUST.md
Markdown
安全亮点
✓ Documentation is comprehensive and transparent about security model
✓ No executable code present - purely declarative skill definition
✓ Localhost-only binding by default prevents remote exploitation
✓ No telemetry or external data exfiltration declared
✓ Optional ARISE_BROWSER_TOKEN authentication documented
✓ Warning about /evaluate command (arbitrary JS execution) is explicit
✓ Data persistence clearly scoped (ephemeral, cleared on restart)
✓ Open-source dependencies documented (playwright, fastify, pino)