Skill v1.0.0

ClawScan security

Agent Browser Bwm · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 16, 2026, 5:34 PM
Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary
The skill is internally consistent: it documents how to use an external CLI (agent-browser) and doesn't request unrelated credentials or hidden installs, though it assumes the CLI and its downloaded browser binary are installed by the user.
Guidance
This skill is coherent and essentially instructs the agent to drive the external 'agent-browser' CLI. Before using it: (1) Verify you want an agent that can execute CLI commands on your machine. (2) Confirm the upstream package (https://github.com/vercel-labs/agent-browser and the npm package) is trustworthy before running npm install -g or agent-browser install (which downloads Chromium). (3) Be careful when using state load/save — those JSON files can contain cookies or tokens; don't load untrusted files. (4) Network routing and mocking features can alter requests during automation; use them only when intended. If you need higher assurance, inspect the agent-browser package source and its npm release before installing.

Review Dimensions

Purpose & Capability
ok: The SKILL.md consistently describes a CLI tool for headless browser automation and all commands, session/state features, and network controls align with that purpose. It does not request unrelated binaries or credentials.
Instruction Scope
note: Instructions are restricted to invoking the agent-browser CLI and using its features (snapshots, refs, state save/load, network routing). This is in-scope for a browser automation skill. Note: state load/save commands access local files (e.g., auth.json) which may contain sensitive cookies or tokens — that is expected for session persistence but is a place to exercise caution.
Install Mechanism
note: There is no platform install spec in the skill bundle (instruction-only). The SKILL.md recommends installing via npm (npm install -g agent-browser) and running agent-browser install to download Chromium. Installing from npm and downloading a browser binary is a reasonable, expected mechanism — users should confirm they trust the package and its source before running those commands.
Credentials
ok: The skill declares no required environment variables or credentials. References to AGENT_BROWSER_SESSION and using filesystem state are proportional to the stated functionality and are optional usage patterns rather than required secrets.
Persistence & Privilege
ok: always:false and default model-invocation behavior are present. The skill does not request permanent platform presence or modify other skills' configs; it only documents running a CLI and storing/reading session files, which is appropriate for this use case.