Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agb

v1.0.0

Automates browser interactions for web testing, form filling, screenshots, and data extraction. Use when the user needs to navigate websites, interact with w...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description, CLI usage in SKILL.md, templates, and index.js all implement browser automation (navigation, snapshots, interactions, screenshots, session management). The files present are coherent with the claimed capability.
Instruction Scope
SKILL.md and templates instruct saving/loading session state, using environment variables for credentials, proxy configuration, recording video, and cleaning up Chromium processes. Those actions are expected for a browser-automation tool, but they give the agent the ability to store and replay authentication tokens and to route traffic through proxies — both legitimate for the purpose but sensitive. The documentation also suggests embedding proxy credentials in URLs and using saved state files that contain session tokens; the user should treat these artifacts as sensitive.
Install Mechanism
There is no install spec (instruction-only behavior) and no remote download. Code files are bundled but nothing in the manifest attempts to fetch or extract external archives. This is lower install risk.
Credentials
The manifest declares no required environment variables, but the documentation and templates reference environment variables (e.g., APP_USERNAME, APP_PASSWORD, HTTP_PROXY/HTTPS_PROXY/ALL_PROXY). That mismatch is not necessarily malicious, but you should be aware the skill expects/encourages use of env vars and may direct users to place credentials into envs or proxy URLs (the latter can expose secrets in process lists or logs).
Persistence & Privilege
always:false and default invocation settings are used. The skill does not request permanent platform presence or modify other skills. It does read and write local state files (auth-state.json, saved recordings) which is normal for session reuse but are sensitive artifacts you must protect.
Assessment
This skill appears to do what it says (automated browser interactions), but review these before installing:
1) The index.js calls a hardcoded binary path (/root/.local/bin/agent-browser). Confirm the expected agent-browser binary is present and trusted in your environment to avoid a replaced binary being executed.
2) The tool encourages saving session state files (auth-state.json) and using environment variables for credentials; treat those files and env vars as secrets, never commit them to source control, and remove them when done.
3) Proxy examples show credentials in proxy URLs. Avoid embedding secrets in URLs or logs; prefer secure storage and runtime injection of credentials.
4) The scripts call pkill -f chromium and recommend ignoring HTTPS errors in some debugging examples. Be cautious running these commands in multi-tenant or production environments.
5) Because the skill automates login flows and can replay sessions, only use it with accounts and sites you control or for which you have permission.
If you need higher assurance, ask the author for:
(a) confirmation of the expected agent-browser binary path on your platform,
(b) a signed/official release link for agent-browser, and
(c) a minimal example run that shows no unexpected network endpoints or exfiltration.


latestvk972xsta9rzsq37eh9arskjbb5824e6a
