🌐

سجل التدقيق

browser-use - 2 عمليات التدقيق

إصدار التدقيق 2

الأحدث مخاطر منخفضة

Mar 19, 2026, 08:21 AM

Static analysis flagged 163 patterns in SKILL.md documentation file. All findings are false positives: backtick patterns are markdown code blocks documenting CLI usage, URLs are example/documentation links, and file paths reference user-controlled locations for legitimate browser profile and cookie management. The skill provides browser automation via the browser-use CLI with no malicious intent detected.

الملفات التي تم فحصها

547

الأسطر التي تم تحليلها

النتائج

claude

تم تدقيقه بواسطة

مشكلات متوسطة المخاطر (1)

SKILL.md:405-407

Cookie Export/Import Capability

The skill supports exporting cookies to files and importing them, which could expose session tokens if misused. This is legitimate browser profile syncing functionality but should be documented.

مشكلات منخفضة المخاطر (2)

SKILL.md:45-80

External Command Documentation

SKILL.md contains extensive documentation of browser-use CLI commands. All instances are markdown code blocks for documentation purposes, not actual code execution.

SKILL.md:19

Hardcoded URLs in Documentation

Multiple example URLs present in SKILL.md including github.com, example.com. These are documentation links and example values, not hardcoded endpoints for data exfiltration.

عوامل الخطر

⚙️ الأوامر الخارجية (2)

SKILL.md:15-17 SKILL.md:45-80

🌐 الوصول إلى الشبكة (2)

SKILL.md:19 SKILL.md:204

📁 الوصول إلى نظام الملفات (2)

SKILL.md:40 SKILL.md:405-407

إصدار التدقيق 1

مخاطر منخفضة

Jan 26, 2026, 07:53 AM

Static analysis flagged patterns in SKILL.md documentation as potential security risks. After evaluation, all findings are false positives: bash code blocks were misidentified as shell execution, example URLs were flagged as hardcoded network endpoints, and documented environment variables were misclassified as credential access. The skill is a legitimate browser automation CLI tool with no malicious code or behavior patterns.

الملفات التي تم فحصها

219

الأسطر التي تم تحليلها

النتائج

claude

تم تدقيقه بواسطة

مشكلات متوسطة المخاطر (3)

SKILL.md:9 SKILL.md:13-20 SKILL.md:24-26 SKILL.md:32-37 SKILL.md:46-51 SKILL.md:54-59 SKILL.md:61-69 SKILL.md:71-76 SKILL.md:78-82 SKILL.md:84-92

Documentation Code Blocks Misidentified as Shell Execution

Static analyzer flagged 67 instances of 'Ruby/shell backtick execution' in SKILL.md markdown file. These are bash code block examples (```bash ... ```) used for documentation purposes, not actual backtick shell execution.

SKILL.md:14 SKILL.md:143 SKILL.md:155-156 SKILL.md:164 SKILL.md:176

Example URLs in Documentation Misidentified as Hardcoded Network Endpoints

Static analyzer flagged 6 hardcoded URLs in SKILL.md. These are example URLs (https://example.com, https://gmail.com, etc.) used in documentation to demonstrate CLI usage.

SKILL.md:41 SKILL.md:110

Documented Environment Variables Misclassified as Credential Access

Static analyzer flagged environment variable references (BROWSER_USE_API_KEY, OPENAI_API_KEY, ANTHROPIC_API_KEY) as credential access. These are documented configuration options for the CLI tool.

مشكلات منخفضة المخاطر (1)

SKILL.md:56

Base64 Encoding Reference in Screenshot Output

Documentation mentions base64 output for screenshots. Base64 is encoding, not cryptographic encryption.

عوامل الخطر

⚙️ الأوامر الخارجية (1)

SKILL.md:9-218

🌐 الوصول إلى الشبكة (5)

SKILL.md:14 SKILL.md:143 SKILL.md:155-156 SKILL.md:164 SKILL.md:176

📁 الوصول إلى نظام الملفات (4)

SKILL.md:57 SKILL.md:58 SKILL.md:100 SKILL.md:169

← العودة إلى المهارة