📦

审计历史

agent-browser - 2 审计

审计版本 2

最新低风险

Feb 26, 2026, 08:58 AM

Static analysis detected 609 patterns but evaluation confirms these are FALSE POSITIVES. External command patterns are legitimate CLI calls to inference.sh service. Hardcoded URLs are official service endpoints. Path traversal patterns are markdown documentation links. Browser credential references describe session state storage (cookies, localStorage), not file access. No malicious intent or security vulnerabilities detected. The skill is a legitimate browser automation tool with expected remote service communication.

已扫描文件

2,312

分析行数

发现项

claude

审计者

低风险问题 (1)

SKILL.md:17

Documentation references curl pipe to shell

Install documentation mentions 'curl | sh' pattern which is generally discouraged for security. However, this is documentation only, not executable skill code, and points to official inference.sh CLI.

风险因素

⚙️ 外部命令 (3)

SKILL.md:17 SKILL.md:20 SKILL.md:36-38

🌐 网络访问 (3)

SKILL.md:9 SKILL.md:17 SKILL.md:23

📁 文件系统访问 (1)

SKILL.md:5

审计版本 1

安全

Feb 27, 2026, 08:52 AM

All 609 static analysis findings are false positives from documentation and template files. The skill contains only legitimate bash scripts demonstrating browser automation workflows. External command patterns are CLI examples showing proper infsh usage. Network findings are example URLs in documentation. No malicious code, credential exfiltration, or unauthorized data transmission detected. The skill is a well-documented browser automation tool with no security concerns.

已扫描文件

2,312

分析行数

发现项

claude

审计者

未发现安全问题

风险因素

⚙️ 外部命令 (3)

SKILL.md:9-23 templates/authenticated-session.sh:30-43 templates/form-automation.sh:28-33

🌐 网络访问 (2)

SKILL.md:9-11 references/commands.md:23-26

📁 文件系统访问 (2)

templates/authenticated-session.sh:28-31 templates/capture-workflow.sh:28

← 返回技能