dev-browser
Browser automation with persistent page state. Use when users ask to navigate websites, fill forms, take screenshots, extract web data, test web apps, or automate browser workflows. Trigger phrases include "go to [url]", "click on", "fill out the form", "take a screenshot", "scrape", "automate", "test the website", "log into", or any browser interaction request.
100
100%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Critical
Do not install without reviewing
Security
3 findings — 1 critical severity, 2 medium severity. Installing this skill is not recommended: please review these findings carefully if you do intend to do so.
E006: Malicious code pattern detected in skill scripts
What this means
Detected high-risk code patterns in the skill content — including its prompts, tool definitions, and resources — such as data exfiltration, backdoors, remote code execution, credential theft, system compromise, supply chain attacks, and obfuscation techniques.
Why it was flagged
Malicious code pattern detected (high risk: 0.90). The skill contains explicit, high-risk capabilities for capturing authentication headers/cookies and API responses, saving them to disk, and remotely controlling a user's already-authenticated Chrome via an extension/relay—features that enable credential theft, data exfiltration, and remote access if abused.
W011: Third-party content exposure detected (indirect prompt injection risk)
What this means
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Why it was flagged
Third-party content exposure detected (high risk: 1.00). The skill explicitly automates browsing and scraping of arbitrary public websites (e.g., SKILL.md shows page.goto/getAISnapshot/page.evaluate and references/scraping.md shows page.on("response") and replaying API requests), so it ingests untrusted, user-generated third-party content that the agent reads and acts on (including choosing elements, replaying requests, and deciding next actions).
W012: Unverifiable external dependency detected (runtime URL that controls agent)
What this means
The skill fetches instructions or code from an external URL at runtime, and the fetched content directly controls the agent’s prompts or executes code. This dynamic dependency allows the external source to modify the agent’s behavior without any changes to the skill itself.
Why it was flagged
Potentially malicious external URL detected (high risk: 0.90). The installation steps explicitly instruct cloning and running code from the repository https://github.com/sawyerhood/dev-browser (git clone + npm install/start), which fetches remote code that will be executed and is a required dependency for the skill.
- Repository
- code-yeongyu/oh-my-openagent
- Commit
beb89fa
- Audited
- Security analysis
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.