Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Xiaopi Agent Browser
v1.0.0
A fast Rust-based headless browser automation CLI with Node.js fallback that enables AI agents to navigate, click, type, and snapshot pages via structured co...
⭐ 0· 41·1 current·1 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md describes a Rust-based CLI with a Node.js fallback and shows npm-based installation instructions. The registry metadata requires node and npm as binaries, yet a Rust binary would not normally require npm. The SKILL.md also documents building from source (git + pnpm) but the skill's declared required binaries do not include git or pnpm. Additionally, the skill registry entry (slug/version/owner) does not match the _meta.json contents (different ownerId, slug, and version), and the package has no declared homepage or source URL in the registry — these inconsistencies suggest packaging/copying or provenance issues.
Instruction Scope
The runtime instructions are narrowly focused on browser automation commands (navigate, snapshot, click, fill, upload, screenshot, etc.), which aligns with the described purpose. The document includes commands that can access pages, cookies/storage, and upload local files — expected for a browser automation tool but potentially capable of exposing sensitive local data if misused. The SKILL.md does not instruct reading unrelated system files or environment variables.
Install Mechanism
There is no formal install spec in the skill bundle (instruction-only), but SKILL.md recommends npm global installation (npm install -g agent-browser) and provides a from-source path requiring git and pnpm. Running npm install -g executes package install scripts from the npm registry, which can run arbitrary code on the host. Because the registry metadata has no source/homepage and the skill manifest mismatches the included _meta.json, it's unclear whether the npm package name and upstream repository are trustworthy. The absence of declared git/pnpm in required binaries is another mismatch.
Credentials
The skill declares no required environment variables or credentials, and SKILL.md does not request secrets. That is proportionate for a browser automation CLI. However, the tool's capabilities (navigation, cookies, file upload) mean an installed CLI could access local files and network endpoints, so installation should be treated with the same caution as installing any third-party CLI.
Persistence & Privilege
The skill does not request always:true and uses default agent invocation settings. It is instruction-only and does not include code that would be written to disk by the platform. Autonomous invocation is allowed (platform default) — combine that with the install concerns above when deciding whether to permit autonomous runs.
What to consider before installing
This skill is plausibly a useful browser-automation wrapper, but there are red flags around provenance and install instructions. Before installing or allowing the agent to run it autonomously:
1) Verify the npm package name 'agent-browser' and inspect the package on the npm registry for publisher, version, and install scripts;
2) Confirm the upstream repository (the SKILL.md references github.com/vercel-labs/agent-browser) — check the repo owner, tags, and source code;
3) Resolve metadata mismatches (ownerId/slug/version differences between registry metadata and _meta.json) with the publisher;
4) If you must test, install and run it in a sandbox or isolated VM/container and avoid global npm installs on production hosts;
5) Limit the agent's access to local files and outgoing network when first enabling the skill.
If you cannot verify the upstream package and author, treat the skill as untrusted.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
🌐 Clawdis
Bins: node, npm
