Trust Assessment
browser-automation-skill received a trust score of 81/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The key findings are a broad Bash permission for the `agent-browser` tool and an unpinned `agent-browser` dependency in the installation instructions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Broad Bash permission for `agent-browser` tool: The skill declares `Bash(agent-browser:*)` which grants the agent the ability to execute any command starting with `agent-browser` via Bash. The skill's examples demonstrate `agent-browser` commands that perform arbitrary file reads (e.g., `agent-browser upload @e1 file.pdf`), arbitrary file writes (e.g., `agent-browser state save session.json`, `agent-browser screenshot out.png`, `agent-browser pdf output.pdf`, `agent-browser record start/stop`), and network requests to arbitrary URLs. While these are core functionalities of a browser automation tool, the `*` wildcard makes the permission overly broad, allowing potential abuse if the agent is prompted to interact with the filesystem or network in an unintended way. Restrict the `Bash` permission to a more granular set of `agent-browser` subcommands if possible, or implement strict input validation and sandboxing for any file paths or URLs provided by the user to `agent-browser` commands. Consider if the agent truly needs to write to arbitrary locations or read arbitrary files. | LLM | SKILL.md |
| MEDIUM | Unpinned `agent-browser` dependency in installation instructions: The skill instructs users to install `agent-browser` globally using `npm install -g agent-browser` without specifying a version. This means that any future execution of these installation commands will fetch the latest version of the `agent-browser` package. If a malicious or vulnerable version of `agent-browser` is published to npm, it could be automatically installed, introducing a supply chain risk. Pin the `agent-browser` dependency to a specific, known-good version (e.g., `npm install -g agent-browser@1.2.3`). Regularly audit and update the pinned version after verifying its integrity and security. | LLM | SKILL.md:18 |