agent-browser-cli-control
Fail
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEREMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of a global NPM package
@sleepinsummer/agent-browser-cliand cloning of a GitHub repositorygithub.com/sleepinginsummer/agent-browser-cli. These external sources are not from a verified or trusted vendor, posing a supply chain risk. - [COMMAND_EXECUTION]: The skill makes extensive use of the
agent-browser-clitool to perform system-level operations, such as starting a background daemon and executing shell-based commands that interact directly with the user's browser. - [CREDENTIALS_UNSAFE]: The tool provides specific functionality to extract all cookies from the active browser session (
agent-browser-cli cookies). Since the tool targets a live, authenticated Chrome session, this exposes active session tokens and sensitive user credentials to the agent and the underlying CLI tool. - [REMOTE_CODE_EXECUTION]: The
agent-browser-cli execcommand allows for the execution of arbitrary JavaScript within the context of any open browser tab. Given the tool is downloaded from an unverified source, this capability could be used to perform unauthorized actions in the user's web accounts.
Recommendations
- AI detected serious security threats
Audit Metadata