Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Personal Agent Browser

v1.1.0

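A browser automation skill designed for your personal digital brain. It calls your locally installed agent-browser CLI to safely access web pages, extract titles and content, and return a structured summary so that an AI assistant can understand and summarize web information. **Use cases**: (1) The user asks: "Take a look at my skill's page on ClawHub for me" (2) The user wants the AI to automatically scrape...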

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for awublack/personal-agent-browser.

Install the skill "Personal Agent Browser" (awublack/personal-agent-browser) from ClawHub.
Skill page: https://clawhub.ai/awublack/personal-agent-browser
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

openclaw skills install personal-agent-browser

ClawHub CLI

npx clawhub@latest install personal-agent-browser

Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The name/description promise a local browser wrapper that calls a local agent-browser CLI — that matches the included run_browser.js. However the registry metadata lists no required binaries while SKILL.md explicitly requires the agent-browser CLI and Node.js and even references a user-specific install path (/home/awu/.npm-global/bin/agent-browser). The manifest should declare the CLI dependency instead of omitting it.
Instruction Scope
run_browser.js constructs a shell command using the raw URL: `agent-browser --url="${url}" ...` and passes it to child_process.exec. That allows command injection if the URL is attacker-controlled (or contains quotes/shell metacharacters). The instructions claim 'fully local' and 'safe', but the code gives the skill the ability to run arbitrary shell commands via the exec call. The script also allows arbitrary URLs (including file://), which could be used to access local files via the invoked CLI.
Install Mechanism
There is no install spec in the skill package itself (instruction-only), which is lower risk for the skill, but SKILL.md instructs the user to run `npm install -g agent-browser` without providing provenance. Installing an arbitrary npm global package has risk if that package or its name is untrusted or typosquatted.
Credentials
The skill requests no environment variables or credentials and does not read other system paths in code. That is proportionate. The SKILL.md's hardcoded example path (/home/awu/.npm-global/bin/agent-browser) is user-specific and unexpected; it is not declared in the manifest and could confuse users.
Persistence & Privilege
The skill is not always-enabled and does not request persistent privileges or modify other skills or system-wide settings. It does run a local CLI when invoked, which is the intended behavior.
What to consider before installing
This skill is internally plausible but contains a real risk: run_browser.js passes an unescaped URL to child_process.exec, enabling shell command injection and arbitrary command execution if a malicious URL is provided or if the local agent-browser binary is replaced. Before installing or using: (1) Verify the provenance of the npm package `agent-browser` (review its source and npm owner) and ensure your PATH points to the intended binary. (2) Inspect and patch run_browser.js to avoid exec with an interpolated shell string — use spawn/execFile with an args array or properly escape/sanitize the URL. (3) Avoid invoking the skill on untrusted URLs; consider blocking file:// and other local schemes. (4) Update the skill manifest to declare required binaries/Node so requirements are clear. If you cannot review or fix the script and the agent-browser package, treat this skill with caution.
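The fix recommended in items (2) and (3) above, as an added example rather than the skill's own run_browser.js: the flagged string-building pattern next to an execFile call with an argument array and an http/https scheme allow-list. The function names, sample URLs, timeout and buffer limits are assumptions; the `--url` and `--output=markdown` flags are taken from the skill's README.

```javascript
// Added example; not the skill's run_browser.js. Function names and limits are assumptions.
const ALLOWED_SCHEMES = new Set(['http:', 'https:']);

// Flagged pattern: the raw URL is spliced into a string that /bin/sh will parse,
// so a double quote in the URL ends the --url value and the rest is shell syntax.
function buildShellCommand(url) {
  return `agent-browser --url="${url}" --output=markdown`;
}

// Hardened: parse the URL, allow-list the scheme, and return an argv array.
// Each element reaches the CLI as exactly one argument; no shell ever sees it.
function buildArgs(rawUrl) {
  let parsed;
  try {
    parsed = new URL(String(rawUrl));
  } catch {
    throw new Error('rejected: not an absolute URL');
  }
  if (!ALLOWED_SCHEMES.has(parsed.protocol)) {
    throw new Error(`rejected: scheme ${parsed.protocol} is not allowed`);
  }
  // Use the normalized href; binding it to --url= keeps it from being read as a flag.
  return [`--url=${parsed.href}`, '--output=markdown'];
}

// Runs the CLI without a shell. `bin` should be an absolute path you have verified.
async function runBrowser(rawUrl, bin = 'agent-browser') {
  const args = buildArgs(rawUrl); // throws before anything is spawned
  const { execFile } = await import('node:child_process');
  return new Promise((resolve, reject) => {
    execFile(bin, args, { timeout: 30000, maxBuffer: 4 * 1024 * 1024 },
      (err, stdout) => (err ? reject(err) : resolve(stdout)));
  });
}

// Constructed sample inputs: one ordinary URL, one with shell metacharacters,
// one local-file URL. Returns the argv array or the rejection message for each.
function checkSamples() {
  const samples = [
    'https://clawhub.ai/awublack/personal-agent-browser',
    'https://example.com/"; echo INJECTED; "',
    'file:///etc/passwd',
  ];
  return samples.map((u) => {
    try { return { url: u, args: buildArgs(u) }; }
    catch (e) { return { url: u, error: e.message }; }
  });
}
```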
run_browser.js:28
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ces1a6m5dtcq7zswphj2bss84qkbd
74 downloads
0 stars
2 versions
Updated 2w ago
v1.1.0
MIT-0

OpenClaw Agent Browser

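Overview

This is a lightweight browser skill built for the OpenClaw personal digital brain. It does not use a complex AI model to "understand" web pages; instead, it directly calls your locally installed agent-browser tool to fetch web content in the most reliable and transparent way.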

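How It Works

  1. Trigger: When you ask the AI assistant something such as "Show me the content of https://clawhub.ai/awublack/awublack-personal-memory-system", the AI invokes this skill.
  2. Execute: The run_browser.js script starts and receives the URL parameter.
  3. Call the CLI: The script uses child_process.exec to run the agent-browser --url="..." --output=markdown command on the system.
  4. Extract: The script parses the Markdown output returned by agent-browser and extracts the page title and body content.
  5. Output: The script outputs structured data in JSON format, containing title, content and summary.
  6. Summarize: The AI assistant receives this JSON, merges its content into your conversation context, and generates a natural-language summary for you.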

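System Components

  • run_browser.js: the core Node.js script, responsible for calling the CLI and parsing its output.
  • agent-browser: the locally installed command-line tool (installed via npm install -g agent-browser).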

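Installation and Usage

  1. Install the dependency: run the following in your terminal:

    npm install -g agent-browser

  2. Install the skill: place this skill package in OpenClaw's skills directory, or install it with clawhub install openclaw-agent-browser.

  3. Use it: ask the AI assistant directly, for example:

    "Please show me the content of https://clawhub.ai/awublack/awublack-personal-memory-system"

    The AI will automatically invoke this skill, visit the page, extract the information, and summarize it for you.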

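Security and Privacy

  • Fully local: all operations run on your local machine, and no data is sent to any server.
  • Transparent and controllable: you know exactly what the AI is doing; it is only calling a command-line tool that you installed.
  • No external dependencies: no reliance on any cloud service, API key or third-party platform.
  • Auditable: you can inspect the source code of run_browser.js at any time to confirm its behavior.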

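Future Extensions

  • Support for screenshots (--screenshot)
  • Support for filling in forms and clicking buttons
  • Integration with query_memory.py to automatically store web content in your long-term memory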

"True intelligence is not about imitating humans, but about extending human capabilities." - Your digital brain

