cookie-sync
Warn
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION]: The skill is designed to export sensitive authentication cookies from the local browser and synchronize them with a remote cloud context on the Browserbase platform.
- [DATA_EXFILTRATION]: The script reads local browser profile directories to access the
DevToolsActivePortfile, which allows the skill to gain debugging control over the active browser. - [COMMAND_EXECUTION]: The skill uses
child_process.execSyncto invoke the browser binary and check its version string during the synchronization process. - [EXTERNAL_DOWNLOADS]: The skill setup requires downloading and installing third-party packages
@browserbasehq/sdkand@browserbasehq/stagehandfrom the npm registry.
Audit Metadata