Trusted — Risk Score 5/100
Last scan: 17 hr ago
open-browser
Visual AI browser automation via OpenBrowser Agent — sees pages via screenshots and simulates human browser interactions
OpenBrowser is a legitimate visual AI browser automation skill with no malicious behavior — all operations are local, subprocess usage is documented, and no credentials are exfiltrated.
Skill Name: open-browser
Duration: 31.9s
Engine: pi
Safe to install
No action needed. The skill is safe to use as described.
Resource     Declared  Inferred  Status     Evidence
Filesystem   READ      READ      ✓ Aligned  Scripts read from local server only; no arbitrary file writes without user conse…
Network      READ      READ      ✓ Aligned  All HTTP/WebSocket calls target localhost:8765; DashScope API is the intended AI…
Shell        WRITE     WRITE     ✓ Aligned  subprocess.Popen used for background task execution, explicitly documented in SK…
Environment  READ      READ      ✓ Aligned  OPENBROWSER_CHROME_UUID read from env, used only for local server registration
Browser      WRITE     WRITE     ✓ Aligned  Chrome extension browser control via WebSocket, the core purpose of the skill
4 findings
Medium · External URL · https://dashscope.aliyun.com/ (SKILL.md:111)
Medium · External URL · http://127.0.0.1:8765 (references/api_reference.md:7)
Medium · External URL · https://dashscope.aliyuncs.com/compatible-mode/v1 (references/api_reference.md:56)
Medium · External URL · https://docs.astral.sh/uv/ (references/setup.md:7)

File Tree

6 files · 34.5 KB · 1280 lines
Markdown: 4 files · 778 lines; Python: 2 files · 502 lines
├─ 📁 references
│ ├─ 📝 api_reference.md Markdown 336L · 6.1 KB
│ ├─ 📝 setup.md Markdown 97L · 2.2 KB
│ └─ 📝 troubleshooting.md Markdown 169L · 3.7 KB
├─ 📁 scripts
│ ├─ 🐍 check_status.py Python 177L · 5.8 KB
│ └─ 🐍 send_task.py Python 325L · 11.0 KB
└─ 📝 SKILL.md Markdown 176L · 5.7 KB

Security Positives

✓ All network operations are local (127.0.0.1:8765) except DashScope API for browser automation
✓ No credential harvesting or environment variable iteration for sensitive keys
✓ No base64, eval, or obfuscated code patterns
✓ No access to ~/.ssh, ~/.aws, .env, or other sensitive host paths
✓ No data exfiltration or C2 communication
✓ Subprocess usage is explicitly declared and documented in SKILL.md
✓ Browser UUID is a local capability token — not a secret, scoped to the local server
✓ No supply chain risks — all dependencies are from known package managers with pinned tooling
✓ Scripts are readable, well-structured Python with no hidden functionality