Low risk: risk score 30/100
Last scan: 2 days ago
browser-use
Automates browser interactions for web testing, form filling, screenshots, and data extraction
This is a thin wrapper skill for the legitimate browser-use CLI tool with comprehensive documentation declaring all capabilities including profile access, cookie management, Python execution, and tunnel creation.
Skill name: browser-use
Analysis time: 35.3s
Engine: pi
Verdict: safe to install
Approve for use with standard sandboxing. The skill is a documentation wrapper around browser-use CLI; verify browser-use package integrity separately. Profile access capability means authenticated sessions may be accessible - restrict profile options in untrusted environments.

Security findings (4)

Severity | Finding | Location

[Medium] Chrome Profile Access with Existing Authenticated Sessions (SKILL.md:52)
The skill can use --profile to access real Chrome profiles including the Default profile, which contains existing logins, cookies, and potentially saved passwords. This grants access to authenticated sessions on any site.
    browser-use --profile "Default" open https://github.com  # Already logged in
→ In untrusted environments, restrict profile access. Consider disallowing the --profile flag for sensitive workflows.

[Medium] Arbitrary Python Code Execution (SKILL.md:45)
The 'browser-use python' command allows execution of arbitrary Python code with persistent browser access. This is equivalent to shell access in terms of system control.
    browser-use python "code"  # Execute Python (variables persist across calls)
→ Treat this capability as equivalent to shell:WRITE. Apply the same restrictions as Bash access.

[Low] Cloudflare Tunnel Creation (SKILL.md:168)
The 'browser-use tunnel' command can expose local ports to the internet via Cloudflare tunnels, creating potential attack vectors.
    browser-use tunnel 3000  # → https://abc.trycloudflare.com
→ Monitor tunnel creation in production environments. Consider disallowing tunnel commands.

[Info] External Cloudflare Tunnel URL (SKILL.md:168)
The skill uses trycloudflare.com for tunneling, an external URL. This is standard for legitimate tunnel services but worth noting.
    https://abc.trycloudflare.com
→ No action needed - this is a legitimate tunneling service.
Resource type | Declared permission | Inferred permission | Status | Evidence
Command execution | WRITE | WRITE | ✓ Consistent | allowed-tools: Bash(browser-use:*)
Browser | WRITE | WRITE | ✓ Consistent | Full browser automation documented
Filesystem | READ | READ | ✓ Consistent | File upload, screenshot save, profile sync - file operations are scoped and decl…
Network access | READ | READ | ✓ Consistent | Web navigation and Cloudflare tunnels are declared browser:WRITE operations
External URLs (1 finding)
Medium | External URL | https://abc.trycloudflare.com | SKILL.md:168

Directory structure

2 files · 8.6 KB · 207 lines
Markdown: 1 file, 202 lines · JSON: 1 file, 5 lines
├─ 📋 _meta.json JSON 5L · 130 B
└─ 📝 SKILL.md Markdown 202L · 8.5 KB

Security highlights

✓ Comprehensive documentation with all capabilities explicitly declared
✓ No embedded scripts or hidden functionality - purely a CLI wrapper
✓ No credential harvesting or exfiltration patterns detected
✓ No base64, eval, or obfuscated code patterns
✓ No suspicious network connections (IP addresses, C2 indicators)
✓ Cloudflare tunnels are a standard, legitimate service
✓ No sensitive file access (no ~/.ssh, ~/.aws, .env access patterns)
✓ Standard browser automation capabilities aligned with the tool's purpose