Agent Browser

This skill appears coherent for browser automation, but it legitimately performs high-sensitivity actions—read and follow these precautions before installing or running it: - Treat state files (auth.json, auth-state.json, etc.) as secrets: do not commit them to version control and delete them when done. Use the recommended AGENT_BROWSER_ENCRYPTION_KEY if you persist state. - Importing a running Chrome (--auto-connect) exposes all cookies and tokens from that browser to the tool; only do this on a trusted machine and close Chrome when finished. - The tool supports eval of arbitrary JavaScript and exposing the CDP WebSocket URL; avoid running untrusted scripts or sharing CDP URLs as they can give full control over your browser session. - Proxy/network-routing features can be used for legitimate geo-testing but can also route data through third-party proxies—ensure you trust proxy endpoints and avoid embedding credentials in plain text. - The provided templates expect environment variables like APP_USERNAME/APP_PASSWORD even though they are not declared as required—set these in a secure environment (CI secrets, local protected env) and prefer the 'auth vault' workflow the docs recommend. - Run automation that uses real credentials in an isolated environment (ephemeral profile or VM) where possible, and prefer short-lived sessions for CI. If you want a stricter check before installing, ask the publisher for: (1) the official source/repository URL or release artifacts, (2) a signed binary or release on a well-known host, and (3) clarification which env vars are required vs optional. If you cannot verify the upstream source, run this tool only in isolated/test environments.