Trust Assessment
browserbase-sessions received a trust score of 53/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 6 findings: 0 critical, 1 high, 5 medium, and 0 low severity. Key findings include Suspicious import: urllib.request, Unpinned Python dependency version, High system-level permissions required for setup.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings6
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Arbitrary file overwrite via user-controlled output paths The `browserbase_manager.py` script allows users to specify arbitrary file paths for saving screenshots and session recordings using the `--output` and `--screenshot` arguments. The script does not validate or sanitize these paths, which could allow an attacker or a misdirected LLM agent to overwrite critical system files or user configuration files (e.g., `/etc/passwd`, `~/.bashrc`, `~/.ssh/authorized_keys`) with image or video data, leading to data integrity issues, denial of service, or potential privilege escalation. Implement path validation and sanitization for all user-provided output paths (`--output`, `--screenshot`). Restrict output to a designated, sandboxed directory (e.g., a temporary directory or a skill-specific output directory) or validate that paths are within an allowed subdirectory. Alternatively, prompt the user for confirmation before overwriting existing files, especially outside the designated output directory. | LLM | scripts/browserbase_manager.py:348 | |
| MEDIUM | Suspicious import: urllib.request Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/jamesfincher/browserbase/scripts/browserbase_manager.py:258 | |
| MEDIUM | Suspicious import: urllib.request Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/jamesfincher/browserbase/scripts/browserbase_manager.py:697 | |
| MEDIUM | Unpinned Python dependency version Requirement 'browserbase>=1.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/jamesfincher/browserbase/scripts/requirements.txt:1 | |
| MEDIUM | Unpinned Python dependency version Requirement 'playwright>=1.40.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/jamesfincher/browserbase/scripts/requirements.txt:2 | |
| MEDIUM | High system-level permissions required for setup The skill's setup instructions in `SKILL.md` require the user to execute `playwright install chromium`. This command installs browser binaries globally or locally, often requiring elevated system privileges or significant filesystem access. While this is a one-time setup step performed by the user, it indicates that the skill's operational environment needs to permit such high-privilege actions, which could be a concern in restricted or sandboxed AI agent environments. Document the exact permissions required for `playwright install chromium` and consider alternative setup methods that do not require global system modifications, such as using containerized environments or pre-installed dependencies. If possible, guide users to install Playwright into a virtual environment. | LLM | SKILL.md:26 |
Scan History
Embed Code
[](https://skillshield.io/report/0abd13d2c469bff2)
Powered by SkillShield