Back to plugin

Security audit

Browser Agent (CDP)

Security checks across malware telemetry and agentic risk

Overview

This plugin appears to do what it claims: it adds browser automation through agent-browser/CDP, without asking for unrelated credentials.

Install this only if you are comfortable letting your agent control a browser and read or interact with pages you open, including authenticated sessions if you connect it to your logged-in Chrome. For safer use, consider using a separate browser profile, limiting domains with AGENT_BROWSER_ALLOWED_DOMAINS, and avoiding CDP access to your main logged-in browser unless you need it.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
index.js:12
Evidence
const version = execSync(`${bin} --version`, {

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
setup.js:11
Evidence
const version = execSync(`${bin} --version`, {