Chen Agent Browser
v1.0.0A fast Rust-based headless browser automation CLI with Node.js fallback that enables AI agents to navigate, click, type, and snapshot pages via structured co...
⭐ 0· 74·0 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The SKILL.md documents a browser automation CLI (agent-browser) and the declared required binaries (node, npm) match the installation instructions. The commands and capabilities (navigate, snapshot, click, fill, cookies, screenshots, video, etc.) are coherent with a headless browser automation tool. Note: repository/ownership metadata inside _meta.json (slug: agent-browser, different ownerId) and the registry skill name (Chen Agent Browser) do not match exactly, which suggests the upstream README was repackaged or copied.
Instruction Scope
Runtime instructions are limited to invoking the agent-browser CLI and its flags; they do not instruct reading unrelated host files or environment variables. The CLI will, by design, access page content, cookies, localStorage, and can upload local files — these are expected for browser automation but are substantial capabilities that can surface sensitive data from web pages.
Install Mechanism
This is an instruction-only skill (no install spec). SKILL.md recommends npm -g agent-browser and gives a GitHub repository (github.com/vercel-labs/agent-browser). GitHub and npm are standard hosts, but installing a global npm package and running its installer will fetch and execute third-party code from the network — expected for a CLI wrapper but a point of risk that deserves verification of the upstream project and package integrity.
Credentials
The skill declares no required environment variables or credentials. It only needs node/npm to be present. The CLI itself can be instructed to set HTTP credentials/headers and can read page data and cookies — these behaviors are proportional to browser automation, but they mean the agent (when using this skill) can access and transmit page contents.
Persistence & Privilege
always is false and the skill does not request system-wide configuration changes or access to other skills' settings. Model invocation is allowed (default) which is normal for skills; no elevated persistence or cross-skill modification is requested.
Assessment
This skill appears to be a wrapper around the agent-browser CLI and is internally consistent with that purpose. Before installing or using it: 1) verify the upstream project/package (confirm the npm package name and the GitHub repository and that they are the genuine upstream), 2) be aware that installing an npm -g package and running its installer executes third-party code—prefer installing in a controlled environment (container/VM) and review the package source if possible, 3) avoid letting the agent access sensitive sites or local files unless necessary (browser automation can read cookies, localStorage, page content, and upload files), and 4) note the metadata mismatch (skill name/owner vs. _meta.json) and consider asking the skill author or maintainer for clarification if you need higher assurance.Like a lobster shell, security has layers — review code before you run it.
latestvk97dy2m3e1jn7wmq4j5ffqtp7h83d8az
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🌐 Clawdis
Binsnode, npm