ClawHub

Agent Browser Core

v1.0.1

OpenClaw skill for the agent-browser CLI (Rust-based with Node.js fallback) enabling AI-friendly web automation with snapshots, refs, and structured commands.

20· 9.1k·64 current·72 all-time
by@codedao12
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name and description match the SKILL.md and reference docs: they describe CLI-driven web automation, snapshot/refs workflows, and a Node.js fallback. Required binaries, env vars, and config paths are none — consistent with an instruction-only playbook that expects the user to install the agent-browser CLI separately.
Instruction Scope
Runtime instructions focus on using the CLI (open, snapshot, refs, state save/load, safety checklists). They explicitly call out high-risk commands (eval, file access, network routing) and require explicit approval before use. The instructions do not direct reading unrelated system files, nor do they instruct exfiltration or posting data to unexpected endpoints.
Install Mechanism
This is an instruction-only skill with no install spec or code files. The docs recommend installing agent-browser via npm and running agent-browser install (which may download Chromium/Playwright runtimes) — a normal, expected workflow for a CLI. Because install actions are external to the skill, users should follow supply-chain hygiene (pin versions, install in a dedicated environment).
Credentials
The skill requests no environment variables, credentials, or config paths. It acknowledges that state files and tokens are sensitive and recommends treating them as secrets; nothing in the skill asks for unrelated or excessive credentials.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges or permanent presence. It does not attempt to modify other skills or system-wide agent settings; its guidance recommends ephemeral sessions and avoiding persistent profiles.
Assessment
This skill appears to be a coherent, safety-conscious playbook for using the agent-browser CLI. Before using it: (1) pin the CLI version and install in an isolated container or dedicated environment, (2) do not grant or approve high-risk actions (eval, --allow-file-access, custom --executable-path, network routing, state writes) without human review, (3) treat state files and tokens as secrets and rotate them, and (4) block localhost/private-network targets unless explicitly required. If you need greater assurance, request the upstream source/homepage or a signed release for the agent-browser binary before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk972pwcc4xdvv8nmyyy7vsp16d80m2ce

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments