browser-use Security Report — Low Risk | ClawSafe

30 /100

browser-use

Automates browser interactions for web testing, form filling, screenshots, and data extraction

This is a thin wrapper skill for the legitimate browser-use CLI tool with comprehensive documentation declaring all capabilities including profile access, cookie management, Python execution, and tunnel creation.

Skill Namebrowser-use

Duration35.3s

Enginepi

✓

Safe to install

Approve for use with standard sandboxing. The skill is a documentation wrapper around browser-use CLI; verify browser-use package integrity separately. Profile access capability means authenticated sessions may be accessible - restrict profile options in untrusted environments.

Findings 4 items

Severity	Finding	Location
Medium	Chrome Profile Access with Existing Authenticated Sessions The skill can use --profile to access real Chrome profiles including Default profile, which contains existing logins, cookies, and potentially saved passwords. This grants access to authenticated sessions on any site. `browser-use --profile "Default" open https://github.com # Already logged in` → In untrusted environments, restrict profile access. Consider disallowing --profile flag for sensitive workflows.	`SKILL.md:52`
Medium	Arbitrary Python Code Execution The 'browser-use python' command allows execution of arbitrary Python code with persistent browser access. This is equivalent to shell access in terms of system control. `browser-use python "code" # Execute Python (variables persist across calls)` → Treat this capability as equivalent to shell:WRITE. Apply same restrictions as Bash access.	`SKILL.md:45`
Low	Cloudflare Tunnel Creation The 'browser-use tunnel' command can expose local ports to the internet via Cloudflare tunnels, creating potential attack vectors. `browser-use tunnel 3000 # → https://abc.trycloudflare.com` → Monitor tunnel creation in production environments. Consider disallowing tunnel commands.	`SKILL.md:168`
Info	External Cloudflare Tunnel URL Skill uses trycloudflare.com for tunneling, an external URL. This is standard for legitimate tunnel services but worth noting. `https://abc.trycloudflare.com` → No action needed - this is a legitimate tunneling service.	`SKILL.md:168`

Resource	Declared	Inferred	Status	Evidence
Shell	`WRITE`	`WRITE`	✓ Aligned	allowed-tools: Bash(browser-use:*)
Browser	`WRITE`	`WRITE`	✓ Aligned	Full browser automation documented
Filesystem	`READ`	`READ`	✓ Aligned	File upload, screenshot save, profile sync - file operations are scoped and decl…
Network	`READ`	`READ`	✓ Aligned	Web navigation and Cloudflare tunnels are declared browser:WRITE operations

1 findings

🔗

Medium External URL 外部 URL

https://abc.trycloudflare.com

SKILL.md:168

File Tree

2 files · 8.6 KB · 207 lines

Markdown 1f · 202L JSON 1f · 5L

├─ 📋 _meta.json JSON 5L · 130 B

└─ 📝 SKILL.md Markdown 202L · 8.5 KB

Security Positives

✓ Comprehensive documentation with all capabilities explicitly declared

✓ No embedded scripts or hidden functionality - purely a CLI wrapper

✓ No credential harvesting or exfiltration patterns detected

✓ No base64, eval, or obfuscated code patterns

✓ No suspicious network connections (IP addresses, C2 indicators)

✓ Cloudflare tunnels are a standard, legitimate service

✓ No sensitive file access (no ~/.ssh, ~/.aws, .env access patterns)

✓ Standard browser automation capabilities aligned with the tool's purpose

Scan Report

Findings 4 items

File Tree

Security Positives