Trust Assessment
browser-use-local received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 1 critical, 1 high, 3 medium, and 0 low severity. Key findings include Unsafe environment variable passthrough, Credential harvesting, Unsafe deserialization / dynamic eval.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Credential harvesting Reading well-known credential environment variables Skills should only access environment variables they explicitly need. Bulk environment dumps (os.environ.copy, JSON.stringify(process.env)) are almost always malicious. Remove access to Keychain, GPG keys, and credential stores. | Manifest | skills/fengjiajie/browser-use-local/scripts/run_agent_kimi.py:11 | |
| HIGH | Unsafe environment variable passthrough Access to well-known credential environment variables Minimize environment variable exposure. Only pass required, non-sensitive variables to MCP servers. Use dedicated secret management instead of environment passthrough. | Manifest | skills/fengjiajie/browser-use-local/scripts/run_agent_kimi.py:11 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/fengjiajie/browser-use-local/scripts/crop_candidates.py:3 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/fengjiajie/browser-use-local/SKILL.md:1 | |
| MEDIUM | Unpinned Python Dependencies The Python script 'scripts/run_agent_kimi.py' imports the 'browser_use' library, but there is no 'requirements.txt' or similar dependency file provided within the skill package context that explicitly pins the version of this or other potential dependencies. This lack of version pinning can lead to supply chain risks, as a malicious or vulnerable update to an unpinned dependency could be automatically pulled in during installation, introducing security flaws or backdoors without explicit review. Add a 'requirements.txt' file to the skill package, explicitly listing and pinning the versions of all Python dependencies (e.g., 'browser_use==1.2.3'). Ensure that the virtual environment activation or installation process uses this pinned dependency file to guarantee consistent and secure dependency versions. | LLM | scripts/run_agent_kimi.py:4 |
Scan History
Embed Code
[](https://skillshield.io/report/551a22c0c23515c0)
Powered by SkillShield