Is kdegeek/agent-browser-0 safe?

https://github.com/openclaw/skills/tree/main/skills/kdegeek/agent-browser-0

94
SAFE

This skill provides comprehensive documentation for the agent-browser CLI tool, a legitimate browser automation utility. The skill itself contains only documentation and no executable code, with no evidence of malicious behavior during installation. While browser automation tools can be misused, this skill appears to be a straightforward documentation wrapper.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (3)

LOW Browser automation capability -10

This skill provides documentation for a browser automation tool that can navigate websites and extract data. While this is the intended functionality, it could theoretically be misused for unauthorized data collection.

LOW Requires external CLI installation -5

The skill documents a tool that requires npm installation of 'agent-browser', expanding the potential attack surface beyond the skill itself.

INFO Legitimate browser automation documentation -15

The skill appears to be legitimate documentation for the agent-browser CLI tool with proper attribution and clear functionality descriptions.