Trusted — Risk Score 5/100
Last scan: 17 hr ago
browser-use-init
Chrome DevTools Protocol (CDP) initialization for browser automation using Playwright and browser-use Agent
Legitimate Chrome browser automation skill using CDP protocol with documented subprocess usage for browser process management.
Skill Name: browser-use-init
Duration: 34.3s
Engine: pi
Safe to install
This skill is safe for use. No security concerns identified.

Findings 1 item

| Severity | Finding | Location |
|---|---|---|
| Low | Dependencies not version pinned (Supply Chain) | SKILL.md:148 |

SKILL.md shows 'pip install playwright' without version specifier, which could lead to unexpected updates
Evidence: pip install playwright
→ Pin versions for reproducible builds: pip install playwright==1.50.0

| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Shell | WRITE | WRITE | ✓ Aligned | start_chrome.py:58 subprocess.Popen with shell=True for launching Chrome |
| Network | READ | READ | ✓ Aligned | All network calls are localhost-only CDP/WebSocket connections |
| Filesystem | WRITE | WRITE | ✓ Aligned | Profile copying to custom directory, documented behavior |
| Browser | WRITE | WRITE | ✓ Aligned | Core purpose - browser automation via CDP protocol |

6 findings
| Severity | Type | URL | Location |
|---|---|---|---|
| Medium | External URL | https://www.jd.com/ | SKILL.md:68 |
| Medium | External URL | https://chromedevtools.github.io/devtools-protocol/ | references/chrome-cdp-solution.md:209 |
| Medium | External URL | https://playwright.dev/python/docs/browsers#connect-to-an-existing-browser-instance | references/chrome-cdp-solution.md:210 |
| Medium | External URL | https://docs.browser-use.com/ | references/chrome-cdp-solution.md:211 |
| Medium | External URL | https://developers.google.com/privacy-sandbox/3pcd | references/chrome-cdp-solution.md:212 |
| Medium | External URL | https://www.example.com | scripts/playwright_connect.py:17 |

File Tree

6 files · 27.0 KB · 828 lines
Markdown 2f · 505L Python 4f · 323L
├─ 📁 references
│ └─ 📝 chrome-cdp-solution.md Markdown 212L · 8.0 KB
├─ 📁 scripts
│ ├─ 🐍 playwright_connect.py Python 71L · 2.6 KB
│ ├─ 🐍 query_cdp.py Python 57L · 1.8 KB
│ ├─ 🐍 run_agent.py Python 75L · 2.5 KB
│ └─ 🐍 start_chrome.py Python 120L · 4.1 KB
└─ 📝 SKILL.md Markdown 293L · 8.1 KB

Dependencies 3 items

| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| playwright | * | pip | No | Version not pinned |
| browser-use | * | pip | No | Version not pinned |
| langchain-ollama | * | pip | No | Version not pinned |

Security Positives

✓ All shell execution is explicitly documented (kill/start Chrome)
✓ All network requests are localhost-only (CDP/WebSocket debugging)
✓ No base64-encoded commands or obfuscation observed
✓ No credential harvesting or exfiltration detected
✓ No remote script downloads (curl|bash pattern absent)
✓ Profile copying is the documented core feature, not hidden behavior
✓ No access to sensitive paths like ~/.ssh or .env
✓ LLM-driven browser control is clearly scoped to user-provided tasks