ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Browser Custom

v1.0.0

Headless browser automation CLI optimized for AI agents with accessibility tree snapshots and ref-based element selection

0· 72·1 current·1 all-time
by@alexbingquanxu-cpu·fork of @matrixy/agent-browser-clawdbot (0.1.0)
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description describe a headless browser CLI and the SKILL.md contains only commands, flags, and workflows for a CLI named agent-browser. There are no unrelated credential requests, binaries, or config paths.
Instruction Scope
Runtime instructions are limited to expected browser-automation actions (open, snapshot, click, fill, sessions, state save/load, network routing). Commands that read/write state files (state save/load, cookies, auth.json) are appropriate for session persistence; there are no instructions to read arbitrary system files, other skills' configs, or to transmit data to unexpected external endpoints.
Install Mechanism
This is an instruction-only skill with no install spec in the bundle. The SKILL.md suggests installing via npm (npm install -g agent-browser) which is consistent with a CLI; the skill itself does not attempt to download arbitrary artifacts or specify a custom install URL.
Credentials
No required env vars or credentials are declared. SKILL.md only mentions an optional AGENT_BROWSER_SESSION env var for selecting sessions, which is proportional to the functionality.
Persistence & Privilege
Skill does not set always: true and does not request system-wide configuration changes. It instructs saving/loading of auth state to local files (expected for browser automation) but does not claim elevated or persistent platform privileges.
Assessment
This skill is internally consistent with a headless browser CLI. Before installing or running commands, ensure the agent-browser binary you use comes from a trusted source (verify the npm package and the GitHub repo), because the CLI will save and load local state files (cookies, auth.json) that can contain session tokens. If you allow an agent to run this autonomously, restrict its file system access to a safe directory and avoid loading state files that contain sensitive credentials. When installing, review npm package ownership and the upstream project's releases (Chromium will be downloaded by the CLI during setup).

Like a lobster shell, security has layers — review code before you run it.

latestvk9774zc81f87gqg9yprcmt79m183dzzf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🌐 Clawdis

Comments