Trust Assessment
The `browser` skill received a trust score of 68/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. The key findings are: excessive `Bash` tool permission, potential command injection via user-provided arguments, and handling of sensitive API keys.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Excessive 'Bash' tool permission.** The skill explicitly declares `Bash` as an allowed tool in its manifest. This grants the skill the ability to execute arbitrary shell commands, which is a highly privileged operation. While potentially necessary for a CLI-based browser automation skill, it significantly increases the attack surface for command injection if user inputs are not rigorously sanitized. Any vulnerability in the skill's command construction or input handling could lead to arbitrary code execution. Ensure all user-provided inputs passed to Bash commands are strictly validated and sanitized. Implement robust sandboxing or use safer alternatives to direct shell execution where possible. Minimize the scope of Bash commands to only what is absolutely necessary for the skill's functionality. | LLM | SKILL.md |
| HIGH | **Potential command injection via user-provided arguments.** The skill exposes commands such as `browser act "<action>"`, `browser extract "<instruction>"`, and `browser observe "<query>"`, which accept arbitrary user-provided strings. Given that the skill has `Bash` execution permissions, there is a high risk of command injection if these user inputs are not rigorously sanitized before being passed to underlying shell commands or scripts. An attacker could craft malicious `<action>`, `<instruction>`, or `<query>` strings to execute arbitrary commands on the host system. Implement strict input validation and sanitization for all user-provided arguments passed to `browser` commands. Avoid direct interpolation of user input into shell commands. Use parameterized commands or escape special characters thoroughly. Consider using a safer API for subprocess execution that does not involve shell interpretation. | LLM | SKILL.md:26 |
| MEDIUM | **Handling of sensitive API keys.** The skill description indicates it reads `BROWSERBASE_API_KEY` and `BROWSERBASE_PROJECT_ID` from the `.env` file for use with a "remote Browserbase environment". While this is a common pattern for configuration, it means sensitive credentials are being handled and potentially transmitted to a third-party service. Without reviewing the underlying code, it's unclear how these keys are secured during transmission and storage, or if they are logged, which could lead to credential exposure. Implement secure practices for handling API keys, such as environment variable injection, encrypted storage, and ensuring they are never logged or exposed in client-side code. Verify the security of the Browserbase integration and its data handling policies. Ensure `.env` files are properly excluded from version control. | LLM | SKILL.md:8 |