Security Audit

agent-browser

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

TRUSTED

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

agent-browser received a trust score of 80/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Unsafe `curl | sh` for CLI installation, Shell variable expansion vulnerable to JSON injection.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

78%

Behavioral Risk Signals

Network Access

2 findings

Filesystem Write

2 findings

Shell Execution

2 findings

Dynamic Code

1 finding

Security Findings2

Severity	Finding	Layer	Location
HIGH	Unsafe `curl \| sh` for CLI installation The skill's quick start guide instructs users to install the `infsh` CLI using `curl -fsSL https://cli.inference.sh \| sh`. This method executes arbitrary code downloaded from a remote server without prior inspection, posing a significant supply chain risk. A compromise of the `inference.sh` server or the CDN serving the script could lead to arbitrary code execution on the user's machine. Recommend a safer installation method, such as downloading a signed binary, using a package manager, or at least reviewing the script before execution (e.g., `curl -fsSL https://cli.inference.sh > install.sh && less install.sh && sh install.sh`).	LLM	SKILL.md:15
MEDIUM	Shell variable expansion vulnerable to JSON injection The provided shell script templates construct JSON payloads by directly embedding shell variables using the pattern `'''"$VAR"'''`. If a variable (e.g., `LOGIN_URL`, `APP_USERNAME`, `APP_PASSWORD`) contains a single quote character (`'`), the JSON string will be malformed, leading to a shell syntax error or an invalid command being passed to `infsh`. This can cause the command to fail or behave unexpectedly, and in some contexts, could potentially be exploited for command injection if the parsing logic of `infsh` or the shell is not robust. This pattern is repeated across multiple templates. Use `jq` to safely construct JSON payloads from shell variables. For example, instead of `'''"$LOGIN_URL"'''`, use `$(jq -n --arg url "$LOGIN_URL" '{"url": $url}')` for the entire input object, or ensure proper shell escaping of single quotes within variables before embedding.	LLM	templates/authenticated-session.sh:40

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/7c24b5539f75f92d.svg)](https://skillshield.io/report/7c24b5539f75f92d)