browser-trace
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates as a diagnostic utility, collecting and organizing browser session data for post-mortem analysis. All behaviors are consistent with its documented purpose.
- [COMMAND_EXECUTION]: Utilizes Node.js standard library functions (
child_process.spawnandexecFileSync) to manage data collection processes and interface with thebrowseCLI. These operations are performed without an intermediate shell, mitigating standard command injection risks during process invocation. - [EXTERNAL_DOWNLOADS]: Interacts with the Browserbase platform via the
browseCLI and its public APIs when configured for remote sessions. These are legitimate interactions with a well-known service as described in the skill's primary functionality. - [DATA_EXFILTRATION]: Captures potentially sensitive browser session data (such as headers, console logs, and DOM snapshots) and stores it in a local directory (
.o11y/). This behavior is the core intended functionality of the tool and is clearly disclosed to the user.
Audit Metadata