Agent Browser Xyhh

This skill appears to be a wrapper around an external 'agent-browser' CLI and mostly does what it says, but there are a few inconsistencies and network-install risks to consider before installing: - Metadata mismatches: the included _meta.json ownerId/version do not match the registry metadata; this could be a packaging mistake or indicate the bundle wasn't maintained carefully. Ask the publisher or check the skill registry entry for provenance. - Missing declared tools: SKILL.md suggests using git and pnpm (and running npm -g), but the skill's declared required binaries only list node and npm. If you plan to build from source, ensure git and pnpm are available and trusted. - Network install: the instructions recommend npm install -g agent-browser which will download code from the npm registry. Verify the package name, author, and npm page. Prefer installing in a controlled environment (container, VM) rather than on a critical machine. - Review upstream: the README points to github.com/vercel-labs/agent-browser — inspect that repository, confirm maintainers, and check package contents and release signatures if possible. - Data-exfiltration risk: any browser automation tool can be used to visit pages and extract data. Be cautious when running it against sensitive sites or when allowing the agent to navigate pages containing secrets. If you want to proceed: validate the npm package and repository, avoid installing globally on a production host, and run the tool in an isolated environment until you are confident in its provenance.