The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill downloads the js-reverse-mcp and cloakbrowser packages from the npm registry. The --cloak flag triggers a runtime download of a ~200MB CloakBrowser binary from an external source.\n- [REMOTE_CODE_EXECUTION]: Installation instructions utilize npx to execute code from external registries. The skill also suggests cloning a repository from a third-party GitHub account (zhizhuodemao) that does not match the stated author (Aradotso).\n- [COMMAND_EXECUTION]: The evaluate_script tool allows for arbitrary JavaScript execution within the browser context. The save_script_source tool allows the agent to write data to local file paths specified at runtime.\n- [DATA_EXFILTRATION]: The skill provides comprehensive tools for capturing sensitive browser data, including network request initiators, WebSocket message payloads, and session state such as cookies and localStorage.\n- [PROMPT_INJECTION]: The skill processes untrusted content from external websites and possesses high-privilege capabilities like script execution and file writing, which creates a surface for indirect prompt injection.\n
Ingestion points: Untrusted web content via new_page and navigate_page.\n
Boundary markers: Absent.\n
Capability inventory: evaluate_script (browser JS execution), save_script_source (file system write), take_screenshot.\n
Sanitization: Absent.

js-reverse-mcp-debugging