ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Browser - 浏览器自动化

v1.0.0

A fast Rust-based headless browser automation CLI with Node.js fallback that enables AI agents to navigate, click, type, and snapshot pages via structured co...

0· 715·2 current·2 all-time
by@cp3d1455926-svg
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (headless browser CLI) align with the SKILL.md commands and required binaries (node, npm). Requiring node/npm is reasonable for an npm-published CLI fallback; the Rust-based source path is optional and reasonable as an alternative build path.
Instruction Scope
SKILL.md stays within browser automation scope (open, snapshot, click, fill, upload, screenshot, record). It does not instruct reading unrelated host config or secrets, but it does include commands that interact with local files (upload <file>, screenshot output to file) and preserves cookies/storage — expected for a browser tool but a potential data-exfil/exposure vector if misused. The skill allows navigating arbitrary URLs, which can access internal resources if the agent runs in a privileged environment.
!
Install Mechanism
This is instruction-only (no install spec), which reduces automatic install risk, but SKILL.md recommends 'npm install -g agent-browser' and also gives two differing source repos (git clone https://github.com/vercel-labs/agent-browser in SKILL.md vs README suggesting https://github.com/openclaw/agent-browser and elsewhere 'agent-browser' npm). The lack of a single authoritative source and the recommendation to perform a global npm install are inconsistent and increase risk — you should verify the exact npm package and repository before installing.
Credentials
The skill declares no environment variables or credentials (appropriate). However, runtime commands can read/write local files (upload, screenshot, record), preserve cookies/storage, and set HTTP basic auth via commands — all legitimate for a browser tool but potentially sensitive if the agent is given access to private files, cookies, or internal sites.
Persistence & Privilege
Skill does not request always:true and has no install-time hooks or claimed persistent system changes. It's user-invocable and allows autonomous model invocation (platform default) — not a unique escalation of privilege.
What to consider before installing
This skill appears to be a normal browser-automation wrapper, but do not blindly run the recommended global npm install or git clone without verifying the upstream package/repository. Before installing or running it: 1) confirm the exact npm package owner and inspect the package on npm (who published it, version, and files); 2) verify the authoritative GitHub repo (the SKILL.md and README reference different orgs); 3) prefer running in an isolated environment (container/VM) until you trust the package; 4) be cautious about allowing the skill to access private sites, cookies, or local files (commands like upload or screenshot can expose sensitive data); and 5) ask the skill author for a canonical homepage/repo and signed/verified releases — if they cannot provide a clear source, treat the npm global install recommendation as risky.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d9z1qkjyntpm0qkragsxd1s83x0zj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🌐 Clawdis
Binsnode, npm

Comments