Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agent Browser Zh
v0.2.2A fast Rust-based headless browser automation CLI with Node.js fallback that enables AI agents to navigate, click, type, and snapshot pages via structured co...
⭐ 0· 74·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description describe a browser automation CLI and the SKILL.md contains only commands and workflows for navigating pages, taking screenshots, interacting with elements, recording, and setting browser options. Required binaries (node, npm) align with the documented npm-based installation and usage. Minor metadata inconsistencies exist (manifest/version/owner fields differ and no homepage/source is listed), but these are bookkeeping issues rather than functional mismatches.
Instruction Scope
SKILL.md stays within browser automation functionality, showing explicit CLI commands for navigation, snapshotting, interactions, screenshots, video recording, storage/cookies, file uploads, and setting headers/credentials/geolocation. This is expected for a browser automation tool, but several commands provide access to local files (upload), to page storage/cookies, and let the operator set custom HTTP headers or credentials — all of which can be used to move or expose sensitive data. The instructions do not ask the agent to read unrelated system files or arbitrary env vars beyond the tool usage.
Install Mechanism
The skill is instruction-only (no install spec). SKILL.md recommends installing via 'npm install -g agent-browser' or building from source on GitHub, which is a typical installation path. Because installation is left to the operator, the risk is driven by the npm package/source you choose to install; the skill itself does not provide or pin a verified release URL. There is no direct download from a suspicious host in the skill files.
Credentials
No environment variables, secrets, or config paths are requested by the skill manifest. That is proportional to the claimed purpose. Note: the CLI exposes commands that can operate on local files and browser storage and can set headers/credentials — these are functional capabilities of the tool rather than requested environment credentials, but they are sensitive in practice.
Persistence & Privilege
The skill does not request always:true and does not claim system-wide persistence. It's user-invocable and can be autonomously invoked by the agent (the platform default). The skill does not modify other skills' configuration or ask for elevated agent permissions in its files.
Assessment
This skill is a wrapper for a browser-automation CLI and is internally consistent with that purpose. Before installing or using it, verify the npm package and source you will install (the skill references 'agent-browser' on npm/GitHub but provides no homepage), and prefer the official repository or a pinned release. Be aware that the CLI can access local files (upload), read/write cookies and storage, take screenshots, and set HTTP headers or credentials — avoid running it against sites that handle sensitive data unless you trust the installed binary. If you need stronger isolation, run the CLI in a sandboxed environment or a disposable VM/container, and review the npm package contents before installing. Finally, the skill metadata shows minor mismatches (version/owner IDs and no homepage); if provenance matters, ask the publisher for the canonical source or an official release link before proceeding.Like a lobster shell, security has layers — review code before you run it.
latestvk97d62p82cpc34gw1py4jdyedh83ch31
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🌐 Clawdis
Binsnode, npm