Trust Assessment
stealthy-auto-browse received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Arbitrary JavaScript execution via 'eval' action.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Arbitrary JavaScript execution via 'eval' action The skill exposes an 'eval' action that allows arbitrary JavaScript code to be executed within the context of the browsed web page. If the 'expression' parameter is influenced by untrusted user input (e.g., from a malicious prompt to the LLM), this could lead to data exfiltration (e.g., reading cookies, local storage), session hijacking, or other client-side attacks on the target website. This grants excessive permissions within the browser environment. Restrict or remove the 'eval' action. If arbitrary JavaScript execution is absolutely necessary, implement strict sanitization and validation of the 'expression' parameter to prevent arbitrary code injection. Consider if a more limited set of predefined JavaScript operations can achieve the desired functionality without exposing arbitrary execution. | LLM | SKILL.md:300 |
Scan History
Embed Code
[](https://skillshield.io/report/5c545d7a36b8afc2)
Powered by SkillShield