Is jamesfincher/browserbase safe?

https://github.com/openclaw/skills/tree/main/skills/jamesfincher/browserbase

92
SAFE

This skill provides legitimate browser automation functionality through Browserbase's cloud service. All detected behaviors align with the stated purpose of managing persistent browser sessions with authentication. No malicious activity or security vulnerabilities were identified.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (4)

LOW API Credential Environment Access -10

The skill reads API credentials from environment variables BROWSERBASE_API_KEY and BROWSERBASE_PROJECT_ID, which is standard practice but creates a potential data exposure point.

LOW Executable Python Script -15

The skill contains substantial executable Python code for browser automation functionality, which increases the attack surface but is necessary for the stated purpose.

INFO External Service Dependencies -5

References to external Browserbase services are legitimate and properly contextualized within the skill's documentation.

INFO Browser Automation Capabilities -10

Provides powerful browser automation features that could potentially be misused, but this is inherent to legitimate browser automation tools.