Browserhub
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a normal Browserhub/Membrane integration, but it requires installing and logging into Membrane and can send direct Browserhub API requests that may change account data.
Use this skill if you trust Membrane and intend to manage Browserhub through it. Install the CLI from the expected source, connect only the account you want the agent to use, prefer the prebuilt action commands, and carefully review any direct proxy request or mutating command before running it.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the CLI gives an external npm package local execution capability on the user's machine.
The skill depends on a globally installed npm CLI that is not included in the artifact set or pinned by version; this is a normal setup step for the integration, but users must trust the external package.
npm install -g @membranehq/cli
Install the CLI only from the expected npm package/source and consider reviewing the Membrane CLI documentation before use.
Actions run through this skill may access or change Browserhub account resources according to the connected account's permissions.
The skill relies on Membrane-managed authentication and refreshed delegated credentials for Browserhub; this is disclosed and purpose-aligned, but it means the connection can act within the user's Browserhub/Membrane account permissions.
Membrane handles authentication and credentials refresh automatically
Connect only the intended Browserhub account and revoke the Membrane connection if you no longer want this delegated access.
A mistaken direct API request could modify or delete Browserhub resources or trigger activity that consumes account credits.
The proxy command can send direct Browserhub API requests, including mutating or deleting requests. The document frames this as a fallback when prebuilt actions do not cover the use case and recommends preferring Membrane actions.
membrane request CONNECTION_ID /path/to/endpoint ... HTTP method (GET, POST, PUT, PATCH, DELETE)
Prefer listed Membrane actions when possible and review/confirm direct proxy requests, especially POST, PUT, PATCH, or DELETE calls.