
Audit history

browser-use - 5 audits

Audit version 5

Latest · Low risk

Jan 16, 2026, 03:51 PM

This is legitimate browser automation software using Playwright MCP. Static findings are primarily false positives: markdown documentation examples are flagged as shell execution, JSON Schema URIs are misidentified as weak cryptography, and subprocess.Popen is legitimate MCP server connection logic. No evidence of malicious intent or data exfiltration.

Files scanned: 6
Lines analyzed: 1,766
Findings: 1
Audited by: claude
No security issues found

Audit version 4

Low risk

Jan 16, 2026, 03:51 PM

This is legitimate browser automation software using Playwright MCP. Static findings are primarily false positives: markdown documentation examples are flagged as shell execution, JSON Schema URIs are misidentified as weak cryptography, and subprocess.Popen is legitimate MCP server connection logic. No evidence of malicious intent or data exfiltration.

Files scanned: 6
Lines analyzed: 1,766
Findings: 1
Audited by: claude
No security issues found

Audit version 3

Low risk

Jan 10, 2026, 09:49 AM

This skill is a legitimate browser automation tool. It starts the official Playwright MCP server, uses a Python HTTP client to communicate with it, and provides standard browser automation capabilities. No credential theft, data exfiltration, or malicious patterns detected.

Files scanned: 5
Lines analyzed: 1,533
Findings: 2
Audited by: claude

Low-risk issues (2)

PID file in /tmp directory

The start-server.sh script writes a PID file to /tmp/playwright-mcp-${PORT}.pid. While this is standard practice, /tmp is world-writable and an attacker with local access could potentially manipulate it. The PID file is used to track the running server process. Code location: scripts/start-server.sh:16

```bash
echo $! > "$PID_FILE"
```

Shell=True in subprocess for stdio transport

The mcp-client.py uses shell=True in subprocess.Popen for stdio transport (lines 204-211). This can introduce command injection risks if user input is passed unsafely to the command. However, in this context, the command is constructed from fixed strings and the --stdio argument is intended for local MCP servers. Code location: scripts/mcp-client.py:204-211

```python
self._process = subprocess.Popen(
    self.command,
    shell=True,
    ...
)
```

Audit version 2

Low risk

Jan 10, 2026, 09:49 AM

This skill is a legitimate browser automation tool. It starts the official Playwright MCP server, uses a Python HTTP client to communicate with it, and provides standard browser automation capabilities. No credential theft, data exfiltration, or malicious patterns detected.

Files scanned: 5
Lines analyzed: 1,533
Findings: 2
Audited by: claude

Low-risk issues (2)

PID file in /tmp directory

The start-server.sh script writes a PID file to /tmp/playwright-mcp-${PORT}.pid. While this is standard practice, /tmp is world-writable and an attacker with local access could potentially manipulate it. The PID file is used to track the running server process. Code location: scripts/start-server.sh:16

```bash
echo $! > "$PID_FILE"
```

Shell=True in subprocess for stdio transport

The mcp-client.py uses shell=True in subprocess.Popen for stdio transport (lines 204-211). This can introduce command injection risks if user input is passed unsafely to the command. However, in this context, the command is constructed from fixed strings and the --stdio argument is intended for local MCP servers. Code location: scripts/mcp-client.py:204-211

```python
self._process = subprocess.Popen(
    self.command,
    shell=True,
    ...
)
```

Audit version 1

Low risk

Jan 10, 2026, 09:49 AM

This skill is a legitimate browser automation tool. It starts the official Playwright MCP server, uses a Python HTTP client to communicate with it, and provides standard browser automation capabilities. No credential theft, data exfiltration, or malicious patterns detected.

Files scanned: 5
Lines analyzed: 1,533
Findings: 2
Audited by: claude

Low-risk issues (2)

PID file in /tmp directory

The start-server.sh script writes a PID file to /tmp/playwright-mcp-${PORT}.pid. While this is standard practice, /tmp is world-writable and an attacker with local access could potentially manipulate it. The PID file is used to track the running server process. Code location: scripts/start-server.sh:16

```bash
echo $! > "$PID_FILE"
```

Shell=True in subprocess for stdio transport

The mcp-client.py uses shell=True in subprocess.Popen for stdio transport (lines 204-211). This can introduce command injection risks if user input is passed unsafely to the command. However, in this context, the command is constructed from fixed strings and the --stdio argument is intended for local MCP servers. Code location: scripts/mcp-client.py:204-211

```python
self._process = subprocess.Popen(
    self.command,
    shell=True,
    ...
)
```