Luke Agent Browser Clawdbot
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: luke-agent-browser-clawdbot Version: 1.0.0 The skill bundle provides documentation and usage instructions for 'agent-browser', a legitimate browser automation CLI tool from Vercel Labs. The instructions in SKILL.md focus on standard automation tasks such as navigation, element interaction via accessibility trees, and session management. While the tool possesses high-risk capabilities inherent to browser automation (e.g., cookie access, state persistence, and network interception), these features are clearly aligned with the stated purpose and the documentation contains no evidence of malicious intent, prompt injection, or data exfiltration instructions.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used on sensitive sites, the agent could submit forms, change settings, or trigger purchases/posts depending on the user's session and instructions.
The skill exposes direct browser interaction commands that can click, type, and submit content on websites. This is central to the stated purpose, but it can have real effects on logged-in accounts.
agent-browser click @e2 agent-browser fill @e3 "text" agent-browser type @e3 "text" agent-browser press "Enter"
Use it only for clearly scoped tasks and require explicit user confirmation before actions that buy, post, delete, send, or change account data.
Saved auth files could let later browser automation act as the logged-in user, and mishandling those files could expose sessions.
The documented workflow can persist and reload cookies/storage, which may represent authenticated website sessions.
agent-browser state save auth.json # Save cookies/storage agent-browser state load auth.json # Load (skip login)
Store auth state files securely, avoid sharing them, delete them when no longer needed, and use separate low-privilege test accounts when possible.
The reviewed skill text is benign, but the actual behavior depends on the npm package and downloaded browser/dependencies installed on the user's machine.
The skill is instruction-only but asks the user to install and run an external CLI and browser dependencies that are not included in the reviewed artifacts.
npm install -g agent-browser agent-browser install # Download Chromium agent-browser install --with-deps # Linux: + system deps
Verify the npm package and GitHub source before installing globally, prefer pinned versions where possible, and avoid running install commands with elevated privileges unless necessary.