ClawHub

Agent Browser

v0.1.0

Headless browser automation CLI optimized for AI agents with accessibility tree snapshots and ref-based element selection

291· 78.1k·539 current·594 all-time
by@matrixy
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description claim headless browser automation; the SKILL.md only instructs the agent to run an agent-browser CLI (navigation, snapshot, refs, sessions, state save/load, network controls). All required capabilities align with that stated purpose.
Instruction Scope
Instructions stay within browser automation scope (open, snapshot, click, fill, state save/load, network routing, execute wait functions). Note: state save/load writes/reads auth JSON (cookies/storage) and the wait/--fn mechanism implies arbitrary JS evaluation in page context — both are expected for automation but can expose credentials or data if misused.
Install Mechanism
This is instruction-only (no install spec in registry). The SKILL.md documents installing agent-browser via npm and that agent-browser can download Chromium; that is reasonable documentation but outside the skill bundle. If you install the CLI, its installer will fetch large browser binaries — review that tool's source before installing.
Credentials
The skill declares no required env vars or credentials. It mentions an optional AGENT_BROWSER_SESSION env var and uses file paths for state (e.g., auth.json) — these are proportional to a browser automation tool but are locations where sensitive tokens/cookies may be stored.
Persistence & Privilege
Skill is not always-enabled and does not request persistence or cross-skill config changes. It instructs using session/state files for browser contexts, which is normal and limited to the browser tool's scope.
Assessment
This skill is a set of instructions for using the agent-browser CLI (no code shipped). Before installing or using it: 1) Confirm you trust the agent-browser binary/source (SKILL.md points to a GitHub repo) — installing the CLI will download Chromium and run code on your machine. 2) Treat saved state files (auth.json) as sensitive — they contain cookies/storage that can authenticate as you; avoid loading state files from untrusted sources. 3) Be aware the tool can run JS in page context (wait --fn) and mock network requests — useful for automation but could be abused to exfiltrate data if run on sensitive sites. 4) Limit the agent's permissions and only allow invocation when necessary. If you need extra assurance, review the agent-browser project's repository and npm package before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk972cehvcj0t10a68e1jk05k057zmerc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🌐 Clawdis

Comments