Agent Browser Clawdbot 0
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent browser-automation skill, but it gives an agent broad logged-in browser control and session persistence through an external CLI, so it deserves careful review.
Install only if you trust the external agent-browser CLI and need an agent to automate websites. Avoid using it on personal, financial, admin, or production accounts unless you explicitly approve each sensitive action, and treat any saved auth.json or cookie output like a password.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A saved auth state file could let future browser sessions act as the logged-in user on websites, and cookie output may expose sensitive session data if mishandled.
These commands persist and expose browser cookies/storage, which can include logged-in session material. The skill does not specify consent, scope, encryption, retention, or restrictions on when the agent may save or reload that authority.
agent-browser state save auth.json # Save cookies/storage
agent-browser state load auth.json # Load (skip login)
...
agent-browser cookies # Get all
Use only with accounts you intend the agent to access, prefer test or isolated sessions, require explicit user approval before saving/loading auth state, and store/delete auth files securely.
The agent could click buttons, fill forms, change website state, or alter network behavior during browsing tasks.
The skill documents commands that can submit UI actions and intercept or mock network requests. This is expected for browser automation, but it can have real effects on websites if used without care.
agent-browser click @e2
agent-browser fill @e3 "text"
...
agent-browser network route "**/api/*" --body '{"x":1}'
Set clear task boundaries and require confirmation before purchases, account changes, public posts, administrative actions, or network mocking against sensitive services.
Installing the CLI runs external code outside the reviewed skill artifacts and may change the local environment.
The skill relies on an external, unpinned global npm package and downloaded browser/system components, while the reviewed package itself contains no CLI code or install spec.
npm install -g agent-browser
agent-browser install # Download Chromium
agent-browser install --with-deps # Linux: + system deps
Verify the npm package and GitHub project before installing, pin trusted versions where possible, and run the browser automation in a constrained environment.
