ClawHub

Agent Browser Clawdbot Bak

v1.0.0

Headless browser automation CLI optimized for AI agents with accessibility tree snapshots and ref-based element selection

0· 102·1 current·4 all-time
by@chenjinsong·fork of @matrixy/agent-browser-clawdbot (0.1.0)
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description describe a headless browser CLI and the SKILL.md exclusively documents commands for an 'agent-browser' CLI (navigation, snapshot, interactions, sessions, state save/load, network control). There are no unrelated requirements (no unexpected env vars, binaries, or config paths).
Instruction Scope
Instructions stay within browser automation scope (snapshots, ref-based interactions, sessions, saving/loading browser state, network routing). Two items to be aware of: (1) state save/load reads/writes files like auth.json which can contain sensitive cookies/localStorage — this is expected but sensitive, and (2) network control (routing/mocking/requests) can inspect or alter in-flight data. The SKILL.md does not instruct reading unrelated system files or arbitrary environment variables beyond an optional AGENT_BROWSER_SESSION.
Install Mechanism
There is no automated install spec in the skill bundle (instruction-only), which is low-risk. However SKILL.md recommends 'npm install -g agent-browser' and 'agent-browser install' (Chromium download). Installing an npm package and downloading a browser binary are normal for this tool but carry typical risks: npm postinstall scripts run arbitrary code and downloaded binaries should be validated. The skill itself does not perform the install.
Credentials
The skill declares no required environment variables or credentials. The only env mention is an optional AGENT_BROWSER_SESSION to choose a session. The commands that persist state (cookies/storage) are appropriate for a browser tool but may store sensitive auth material; no unexplained secrets are requested.
Persistence & Privilege
Skill flags are default (always:false, user-invocable:true, autonomous invocation allowed). The skill does not request persistent platform privileges or modify other skills/config. Nothing suggests elevated platform privilege.
Assessment
This skill appears coherent for headless browser automation. Before installing or running it: (1) verify the upstream package/repository (the SKILL.md points at github.com/vercel-labs/agent-browser) to ensure you trust the publisher, (2) be cautious when running 'npm install -g' since npm packages can execute code during installation—consider reviewing the package source or installing in a contained environment, (3) avoid loading or saving sensitive auth files (auth.json) unless you trust the environment and understand where those files are stored, and (4) when running automation that captures network traffic or state, run it in an isolated test account or sandbox to limit exposure of credentials or user data.

Like a lobster shell, security has layers — review code before you run it.

latestvk97b25k9dm3qkqmn4ymzqc9pwh8394ms

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🌐 Clawdis

Comments