Trust Assessment
browser-use received a trust score of 12/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 3 findings: 3 critical, 0 high, 0 medium, and 0 low severity. Key findings include "Remote code execution: curl/wget pipe to shell" and "Unsafe use of BROWSER_USE_API_KEY in shell commands".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Remote code execution: curl/wget pipe to shell. Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/jfrux/browser-use-api/scripts/browser-use.sh:29 |
| CRITICAL | Remote code execution: curl/wget pipe to shell. Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/jfrux/browser-use-api/scripts/browser-use.sh:51 |
| CRITICAL | Unsafe use of BROWSER_USE_API_KEY in shell commands. The `BROWSER_USE_API_KEY` environment variable is directly interpolated into double-quoted strings within `curl` commands. If the value of `BROWSER_USE_API_KEY` contains shell metacharacters (e.g., a double quote `"`, semicolon `;`, or backtick `` ` ``), it can break out of the string and allow arbitrary command injection. This could lead to data exfiltration (e.g., sending local files or other environment variables to an attacker-controlled server) or execution of malicious commands on the host system. This vulnerability exists in all `curl` calls that use the API key. Avoid direct interpolation of sensitive environment variables into shell commands without robust escaping. Ensure `BROWSER_USE_API_KEY` is sanitized so that shell metacharacters cannot break out of the string context. Consider a safer method for passing secrets, such as a dedicated tool or a programming language's subprocess module that avoids shell interpretation. If bash must be used, validate that the API key contains only safe characters, or implement a robust escaping mechanism for all shell metacharacters. | LLM | scripts/browser-use.sh:26 |
Full report: https://skillshield.io/report/ee288b412c101d1c