Trust Assessment
browserbase-functions received a trust score of 21/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 1 high, 1 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Use of 'eval' for credential export, Unpinned dependency versions in CLI commands.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/pkiv/browse/skills/functions/SKILL.md:110 | |
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/pkiv/browse/skills/functions/SKILL.md:115 | |
| HIGH | Use of 'eval' for credential export The skill instructs the user to execute `eval "$(stagehand fn auth export)"`. The `eval` command executes arbitrary shell commands returned by `stagehand fn auth export`. If the `stagehand` CLI or its dependencies are compromised, this could lead to the execution of malicious code with the user's privileges, potentially exfiltrating credentials or compromising the system. This is a direct command injection vulnerability if the output of `stagehand fn auth export` is not fully trusted. Avoid using `eval` for handling sensitive information or executing dynamic commands. Instead, consider safer alternatives like parsing the output of `stagehand fn auth export` in a controlled environment, or having the `stagehand` CLI write credentials to a secure file that can be sourced safely without `eval`. | LLM | SKILL.md:20 | |
| MEDIUM | Unpinned dependency versions in CLI commands The skill instructs the user to use `pnpm dlx @browserbasehq/sdk-functions init` and `pnpm add @browserbasehq/sdk-functions` without specifying a version. This means the latest version of the package will be downloaded and executed. This introduces a supply chain risk, as a malicious update to the package could compromise the user's system or introduce vulnerabilities without explicit user consent or awareness. Always pin dependency versions when instructing users to install or execute packages (e.g., `pnpm dlx @browserbasehq/sdk-functions@1.0.0 init my-function`). This ensures reproducibility and reduces the risk of unexpected or malicious updates. | LLM | SKILL.md:32 |
Scan History
Embed Code
[](https://skillshield.io/report/6eb8f3a305ec3ae1)
Powered by SkillShield