Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agent Browser (XiaoDing)
v0.2.2
A fast Rust-based headless browser automation CLI with Node.js fallback that enables AI agents to navigate, click, type, and snapshot pages via structured co...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (browser automation CLI) align with the SKILL.md instructions that invoke an agent-browser CLI. Requesting node/npm is reasonable for an npm-distributed wrapper or Node fallback. However, the registry metadata and the _meta.json differ (ownerId and version mismatches) and the package source/homepage are listed as unknown/none, which reduces traceability and is unexpected for a published CLI.
Instruction Scope
The runtime instructions tell the agent to run many agent-browser commands that perform network navigation, DOM snapshots, file uploads, screenshot output (to stdout), video recording, and modification of cookies/storage. Those behaviors are expected for browser automation, but they permit the agent to read and submit local files and to capture page content that may include sensitive data. The SKILL.md does not limit which local paths or data can be used, so a poorly constrained agent could exfiltrate files or page contents via the CLI (e.g., screenshot to stdout, file uploads, or by posting captured data to external endpoints).
Install Mechanism
This is an instruction-only skill with no install spec in the registry (lowest code risk). The SKILL.md recommends installing an npm package or building from a referenced GitHub repo. Those are normal install paths, but because the registry lists no homepage/source and the cloned repo in docs points to 'github.com/vercel-labs/agent-browser', you should verify the actual npm package and upstream repo are genuine before running npm install -g (global installs run code during install).
Credentials
No environment variables or credentials are requested in the skill manifest. That is proportionate. Nonetheless, the CLI supports setting HTTP headers, credentials, and geolocation at runtime — which can be used legitimately but could also be abused to send captured data to third parties if misused by an agent.
Persistence & Privilege
always is false and the skill uses normal agent invocation. It does not request elevated or persistent platform privileges in the manifest. Autonomous agent invocation is allowed by default; combine with the instruction-scope concerns (file access, screenshots) when deciding whether to allow autonomous runs.
What to consider before installing
This skill appears to be a wrapper for an agent-browser CLI and its commands match that purpose, but there are some red flags to check before installing or enabling it:
1) Verify the upstream project and npm package — the registry metadata shows unknown source/homepage and a mismatch in ownerId/version in _meta.json; confirm the package name, publisher, and checksums on npm and the GitHub repo referenced in SKILL.md.
2) Prefer not to install globally (-g) on production systems; install in an isolated environment or container first and inspect the installed binaries.
3) Be cautious about running the skill with autonomous agent invocation, especially if your agents have access to sensitive files or credentials — the CLI supports file upload, screenshots, and dumping content to stdout, which could be used to exfiltrate data.
4) Limit the agent's permissions and provide explicit allowed file paths or sandboxing where possible.
5) If you need higher assurance, request the upstream repository URL, verify commit history and release assets, or ask the skill author to provide a signed release or checksum.
Like a lobster shell, security has layers — review code before you run it.
latest vk976e52c70n5ne1ee4yk9wkhz983e5zg
Runtime requirements
🌐 Clawdis
Bins: node, npm
