Browser Use.Conflict
Security checks across malware telemetry and agentic risk
Overview
This is a browser automation skill, but it exposes broad browser-session, cookie, cloud/tunnel, and persistent code-execution capabilities that are not tightly scoped.
Install only if you trust the external browser-use CLI and need this level of browser control. Use an isolated test profile, avoid existing Chrome profiles and cookie export unless explicitly required, do not run Python/scripts from untrusted sources, be careful with cloud/tunnel commands, and close sessions when done.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could act as the user on logged-in websites or expose reusable session cookies if those commands are used.
The skill documents using a real Chrome profile with existing authenticated sessions and provides cookie export/import commands, but the artifacts do not bound which accounts, cookies, or sites may be used.
browser-use --profile "Default" open <url> # Real Chrome with Default profile (existing logins/cookies)
browser-use cookies export <file> # Export to JSON
Prefer a fresh test browser profile. Use --profile, --connect, and cookie export/import only when the user explicitly asks and understands the account/session impact.
If invoked carelessly, this could run local code with access beyond the browser task, depending on the external CLI's sandboxing.
The allowed browser-use command surface includes persistent Python execution and running local Python files, which is broader than simple browser navigation and extraction.
browser-use python "code" # Execute Python (variables persist across calls)
browser-use python --file script.py # Run file
Do not use the Python subcommand or run script files unless explicitly requested by the user and sourced from trusted, reviewed code.
The agent could invoke provider API operations or other powerful browser-use subcommands outside the user's immediate expectation.
The wildcard tool permission exposes all browser-use subcommands, including raw cloud API passthrough, without artifact-level limits or confirmation requirements for higher-impact actions.
allowed-tools: Bash(browser-use:*)
browser-use cloud v2 GET /browsers # REST passthrough (v2 or v3)
browser-use cloud v2 POST /tasks '{"task":"...","url":"..."}'
Constrain use to the minimal browser commands needed for the task, and require explicit confirmation before cloud API passthrough, account/session mutation, uploads, or other high-impact actions.
Users may have difficulty verifying which publisher/version they are trusting, especially because the external CLI can access sensitive browser state.
The embedded metadata differs from the provided registry metadata, which lists a different owner ID, slug browser-use-conflict, and version 1.0.0. The skill also has unknown source/homepage and no install spec for the required CLI.
"ownerId": "kn71fxj97n86164tdd84bymp3n7zypxq", "slug": "browser-use", "version": "2.0.0"
Verify the publisher and intended browser-use CLI source before installation, and prefer a package whose registry metadata, embedded metadata, and dependency provenance match.
Browser traffic or local services may be exposed to a third-party cloud/tunnel provider if these features are used.
The skill documents cloud browser connections and Cloudflare tunnels, which can route browser activity or expose local services through external infrastructure.
browser-use cloud connect # Provision cloud browser and connect
`cloud connect` provisions a cloud browser, connects via CDP, and prints a live URL.
browser-use tunnel <port> # Start Cloudflare tunnel (idempotent)
Use cloud and tunnel commands only when needed, avoid sensitive accounts or private local services, and close the connection when finished.
Open sessions may continue to exist until closed, which matters more if the browser is logged into real accounts.
The background daemon and persistent browser are disclosed and cleanup is documented, but users should notice that browser state can remain active across commands.
A background daemon keeps the browser open across commands, giving ~50ms latency per call.
5. **Repeat**: browser stays open between commands
6. **Cleanup**: `browser-use close` when done
Run browser-use close when finished, and avoid persistent real-profile sessions unless they are necessary.
