Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agent Browser
v1.0.0Headless browser automation CLI for AI agents. Use when interacting with websites — navigating pages, filling forms, clicking buttons, taking screenshots, ex...
⭐ 2· 6.3k·24 current·26 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The declared purpose — headless browser automation — matches the commands and features described (navigation, click/fill, screenshots, downloads, state persistence). However SKILL.md and setup.sh state that Node.js/npm are required while the registry metadata lists no required binaries or env vars, which is an inconsistency the user should be aware of.
Instruction Scope
Runtime instructions include powerful operations: eval'ing arbitrary page JS, connecting to an existing Chrome/CDP, opening file:// URIs, uploading and downloading files, saving/loading session state and auth profiles, and redirecting page text to files. These are expected for a browser-automation tool but also enable access to local files and any data visible in pages the agent visits. The SKILL.md examples reference $USERNAME/$PASSWORD but the skill declares no required env vars.
Install Mechanism
There is no registry install spec; instead scripts/setup.sh performs npm install -g agent-browser and then runs agent-browser install to fetch Chromium. Installing from npm at runtime is normal for Node tools but it means arbitrary package code will be downloaded and executed on the host. The package's source is 'unknown' (no homepage) so the provenance of the npm package is not verified in the metadata.
Credentials
The skill declares no required credentials or env vars, yet SKILL.md references optional envs (AGENT_BROWSER_*), and examples use $USERNAME/$PASSWORD and saving auth profiles and state files. The tool can persist credentials and cookies to disk and may read local files (file://, downloads). Requesting no secrets in metadata but instructing workflows that use and store secrets is a mismatch and elevates risk.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges, but it provides commands to save session state, store auth profiles, and write files to disk. Those behaviors are expected for a browser automation CLI but mean the skill can create persistent artifacts containing sensitive data on the host.
What to consider before installing
This skill appears to implement a real browser-automation CLI, but there are several things to check before installing or running it:
- Provenance: There is no homepage and the registry metadata gives an unknown source. Inspect the npm package 'agent-browser' (version author, README, and published files) before running npm install -g. Prefer a package with a verifiable repository and maintainer.
- Runtime requirements mismatch: SKILL.md requires Node.js/npm but the registry metadata lists no required binaries—make sure your environment meets the tool's needs and be cautious when running setup scripts.
- Data exposure: The tool can access file:// URLs, download/upload files, eval JS in page contexts, and save auth/state to disk. Do not provide sensitive credentials (passwords, API keys, private tokens) to the agent unless you trust the package and have verified where/how those secrets are stored. Consider using dedicated test accounts.
- Install safely: Run the setup in an isolated environment (container, VM) so the npm package and its install scripts cannot access your primary host. After installation, inspect installed files under the global npm directory.
- Hardening: If you proceed, set AGENT_BROWSER_ALLOWED_DOMAINS to a strict allowlist, enable AGENT_BROWSER_CONTENT_BOUNDARIES, and limit AGENT_BROWSER_MAX_OUTPUT. Review and control any saved state/auth files (their formats and locations).
- If you are unsure: Ask the publisher for a repository link and package provenance, or prefer a well-known, audited browser-automation tool (e.g., Playwright/Puppeteer) with clear origin and reproducible install steps.Like a lobster shell, security has layers — review code before you run it.
latestvk9728kaq7a94b9aycj4nk90bkx81zhzs
License
MIT-0
Free to use, modify, and redistribute. No attribution required.