Agent Browser

The OpenClaw AgentSkills bundle is classified as suspicious due to the extensive and high-risk capabilities exposed by the `agent-browser` tool, as detailed in `SKILL.md` and `references/commands.md`. Specifically, the `agent-browser eval "..."` command allows the AI agent to execute arbitrary JavaScript within the browser context, enabling potential data exfiltration (e.g., cookies, local storage, sensitive DOM content) and unauthorized network requests. Furthermore, commands like `agent-browser upload`, `agent-browser download`, and `agent-browser --allow-file-access open file:///...` grant the agent broad access to the local file system, posing risks for data exfiltration or unauthorized file manipulation. While these are designed features for browser automation, they create severe vulnerabilities for prompt injection attacks against the AI agent, allowing it to perform actions far beyond its intended scope if not strictly controlled by the OpenClaw runtime.