Agent Browser Clawdbot 20260401

The skill's instructions and requirements are coherent with a headless browser automation CLI, but there are minor metadata inconsistencies and expected operational risks (external installs, saved auth state, network routing) that you should understand before use.

This skill appears to be what it claims (a CLI for headless browser automation), but take these precautions before installing or running it: - Verify provenance: double-check the npm package name and the GitHub repository (https://github.com/vercel-labs/agent-browser) and confirm the maintainer identity; metadata mismatches in the package suggest sloppy publishing. - Understand external installs: npm install -g agent-browser and agent-browser install will download code and a Chromium binary from external sources — only run these if you trust those sources and your environment. - Treat saved state carefully: state save/load (auth.json) stores cookies/storage that can contain session tokens. Don’t save or share these files from sensitive accounts and keep them on secure storage. - Watch snapshots and get commands: snapshots and get text/html/attr will capture page content (potentially sensitive). Avoid running the tool against sites where you wouldn’t want the agent to capture data. - Network routing is powerful: network route and request mocking can intercept or modify requests; use only in controlled testing contexts. - If you need stricter auditing, prefer the built-in browser tool for visual/debugging workflows, and consider running agent-browser in an isolated environment (container or VM) and validating the binaries it downloads. If you want higher assurance, ask the publisher for a signed release or source tarball and verify checksums before installing.