chrome-use
Fail
Audited by Snyk on Jun 17, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.90). One URL is a direct raw.githubusercontent.com link to an install.sh (a direct "curl | sh" style installer from a single unknown GitHub user) which is a high-risk vector for arbitrary code execution, while the dashboard URL is just a localhost origin and not inherently risky on its own but does not reduce the danger of executing the fetched script.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill directs users to run a remote installer via "curl -fsSL https://raw.githubusercontent.com/leeguooooo/chrome-use/main/install.sh | sh", which fetches and executes remote code at runtime and is presented as the required self-heal installation, so it directly controls execution.
Issues (2)
E005
CRITICALSuspicious download URL detected in skill instructions.
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata