Browser Agent Bridge CLI
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill clearly aims to control the user's Chrome tab, but it grants broad live-browser control through unreviewed external components and a background bridge without clear action limits or cleanup.
Review the external CLI and Chrome extension before installing. Use a separate Chrome profile or low-privilege account, generate fresh strong tokens, approve each sensitive browser action, and stop the background server and disconnect the extension when finished.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could click, type, navigate, or submit forms in the user's active browser context, including on sensitive or logged-in sites.
The skill exposes broad browser-control actions that can change page state or submit data. The artifact does not describe user confirmation or scope limits for high-impact actions.
- remote tab actions (navigate, click, type, press_key, scroll)
Only use this with explicit user direction, and require confirmation before purchases, submissions, account changes, messages, posts, or other irreversible actions.
Actions taken through the bridge may be treated by websites as actions from the user, not as a separate limited automation identity.
A live browser context commonly includes the user's cookies, logged-in sessions, and account privileges. The skill does not clearly bound which sites, sessions, or identities may be used.
- browser automation with live user browser context
Use a dedicated browser profile or test account where possible, and avoid connecting this bridge to sensitive personal, financial, admin, or production sessions.
The reviewed skill file does not let the user verify exactly what package or extension code will run before granting it browser access.
The skill depends on external CLI and Chrome extension code that is not included in the supplied artifacts and is not version-pinned, while those components receive high-impact browser-control authority.
pipx install browser-agent-bridge ... Load unpacked ... from https://github.com/NmadeleiDev/browser_agent_bridge (`extension/` folder)
Review the PyPI package and GitHub extension source, pin trusted versions or commits, and install only from a verified publisher/source.
The local bridge may remain running after the immediate task, leaving an active control channel if the extension stays connected.
The bridge server is intentionally started in the background, creating a continuing browser-control channel. The provided artifact does not show cleanup, shutdown, or timeout instructions.
browser-bridge-server >/tmp/browser-bridge-server.log 2>&1 & echo $! >/tmp/browser-bridge-server.pid
Stop the bridge server after use, rotate tokens between sessions, and disconnect or remove the browser extension when finished.
Anyone who can access the local bridge and valid tokens could potentially send browser commands or receive page observations.
The design uses a local WebSocket bridge between the extension and operator CLI. This is expected for the purpose, but the channel carries sensitive browser commands and page data.
Bridge server routes messages between browser and operator. ... Extension client WS: `ws://127.0.0.1:8765/ws/client` ... Operator CLI WS: `ws://127.0.0.1:8765/ws/operator`
Keep the service bound to localhost, use fresh strong tokens, do not share the operator token, and shut down the bridge after use.