agent-browser / electron

github.com/vercel-labs/agent-browser/Author: vercel-labs/Scanned 4h ago

https://skillshield.dev/scan/github.com/vercel-labs/agent-browser/electron

Low Risk

Automate Electron desktop apps (VS Code, Slack, Discord, Figma, Notion, Spotify, etc.) using agent-browser via Chrome DevTools Protocol. Use when the user needs to interact with an Electron app, automate a desktop app, connect to a running app, control a native app, or test an Electron application. Triggers include "automate Slack app", "control VS Code", "interact with Discord app", "test this Electron app", "connect to desktop app", or any task requiring automation of a native Electron application.

Findings (4)

Findings Preview

Encourages Disabling Application Security

The skill directs the user/agent to relaunch applications with remote debugging enabled. This bypasses standard application sandboxing and security boundaries, exposing the internal state of the application to any process on the local machine that can connect to the specified port.

high

skills/electron:73

72
73**Important:** If the app is already running, quit it first, then relaunch with the flag. The `--remote-debugging-port` flag must be present at launch time.
74

Category Breakdown

Malware & Backdoors

10030%

Prompt Injection

10025%

Data Exfiltration

10020%

Encoding & Obfuscation

10010%

Excessive Permissions

1008%

Secret Exposure

1005%

Supply Chain

100–

Behavioral Manip.

1002%