Trust Assessment
podman-browser received a trust score of 41/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 1 critical, 1 high, 2 medium, and 1 low severity. Key findings include Arbitrary command execution, Missing required field: name, Container shares host IPC namespace.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Node.js child_process require Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/ricardodantas/podman-browser/browse.js:5 | |
| HIGH | Container shares host IPC namespace The Podman container is launched with `--ipc=host`, which shares the host system's Inter-Process Communication (IPC) namespace with the container. This significantly reduces the isolation between the container and the host. A compromised application within the container (e.g., an exploited Chromium browser) could potentially leverage this shared IPC to interact with or compromise other processes on the host system, leading to information disclosure or privilege escalation. Re-evaluate the necessity of `--ipc=host`. If it is required for Playwright's functionality, investigate if more granular IPC sharing options are available or if the risk can be mitigated by other means, such as running the container with a non-root user and stricter security profiles (e.g., Seccomp, AppArmor). | LLM | browse.js:79 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/ricardodantas/podman-browser/SKILL.md:1 | |
| MEDIUM | Chromium sandbox disabled within container Chromium is launched inside the container with `--no-sandbox` and `--disable-setuid-sandbox` arguments. While the container itself provides a layer of isolation, disabling the browser's internal sandbox removes a critical security boundary. If a user-provided URL leads to a malicious website exploiting a Chromium vulnerability, the impact within the container is significantly increased, potentially leading to full compromise of the container. This risk is amplified by the `--ipc=host` setting, which could allow a container escape. Avoid disabling the Chromium sandbox unless absolutely necessary and the implications are fully understood. If the sandbox is disabled due to running as root, explore running the container as a non-root user. If a sandbox is truly problematic for Playwright, ensure that all URLs processed by the skill are from highly trusted and validated sources. | LLM | browse.js:56 | |
| LOW | Potential for data exfiltration via arbitrary URL fetching The skill's primary function is to fetch content from a user-provided URL. While this is the intended behavior, a compromised or malicious LLM could instruct the skill to fetch sensitive data from internal network resources (if accessible) or authenticated external services. The fetched content (HTML or text) would then be returned to the LLM, potentially leading to data exfiltration. Implement strict URL validation and sanitization. Consider an allow-list of domains, blocking access to internal IP ranges, and preventing `file://` or other local resource schemes. Inform users that this skill can access arbitrary web content and should be used with caution, especially when providing URLs. | LLM | browse.js:77 |
Scan History
Embed Code
[](https://skillshield.io/report/2a6d3a468e2a0972)
Powered by SkillShield