Security Audit

vercel-labs/agent-browser:skills/electron

github.com/vercel-labs/agent-browser

AI SkillCommit aba2353112ea

TRUSTED

Scanned 23 days ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

vercel-labs/agent-browser:skills/electron received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Undeclared Bash Commands Used in Skill Examples.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on March 6, 2026 (commit aba23531). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

85%

Dependency Graph

100%

LLM Behavioral Safety

100%

Behavioral Risk Signals

Shell Execution

1 finding

Excessive Permissions

1 finding

Security Findings1

Severity	Finding	Layer	Location
HIGH	Undeclared Bash Commands Used in Skill Examples The skill's `allowed-tools` manifest declares permissions for `Bash(agent-browser:)` and `Bash(npx agent-browser:)`. However, the skill's examples in `SKILL.md` demonstrate the use of several other Bash commands (`open`, `sleep`, `lsof`, `slack`, `code`, `discord`, etc.) that are not covered by the declared permissions. This indicates that the skill, if executed as described, would attempt to use commands for which it has not explicitly declared permissions, potentially leading to broader system access than intended or communicated. Update the `allowed-tools` manifest to explicitly declare all Bash commands and patterns that the skill intends to use (e.g., `Bash(open )`, `Bash(sleep )`, `Bash(lsof )`, `Bash(slack )`, etc.). Alternatively, modify the skill's examples to only use commands covered by the currently declared permissions, or ensure that the agent environment strictly enforces the declared permissions and prevents execution of undeclared commands.	Static	SKILL.md:20

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/a3118949e29ac154.svg)](https://skillshield.io/report/a3118949e29ac154)