Functions

The skill is classified as suspicious due to its instructions for the AI agent to handle sensitive API keys and execute package manager commands. Specifically, `SKILL.md` instructs the agent to export and write `BROWSERBASE_API_KEY` and `BROWSERBASE_PROJECT_ID` to a `.env` file, implying access to these credentials. It also directs the agent to execute `pnpm dlx @browserbasehq/sdk-functions init` and `pnpm install`, which involve downloading and executing arbitrary code from external sources. While these actions are plausibly necessary for the stated purpose of deploying serverless browser automation, they represent high-risk capabilities that could be misused.