Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Vercel Sandbox
v1.0.0
Run agent-browser + Chrome inside Vercel Sandbox microVMs for browser automation from any Vercel-deployed app. Use when the user needs browser automation in...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's stated purpose (run agent-browser + headless Chrome in Vercel Sandboxes) aligns with the code examples in SKILL.md. However, the SKILL.md relies on environment variables (VERCEL_TOKEN, VERCEL_TEAM_ID, VERCEL_PROJECT_ID, AGENT_BROWSER_SNAPSHOT_ID) and on creating/managing Vercel Sandbox instances — yet the registry metadata declares no required environment variables or credentials. That discrepancy (code expecting cloud credentials while the skill declares none) is a proportionality/information mismatch and reduces trust.
Instruction Scope
The runtime instructions tell the agent to run shell commands inside sandboxes (dnf install, npm install -g, npx agent-browser install, base64, etc.), read command stdout and files (screenshot paths), and depend on multiple environment variables. Most of these actions are coherent with browser automation, but the instructions access unspecified environment variables and perform package installs and arbitrary shell commands inside VMs — which increases the attack surface and requires explicit declarations and justification that are missing.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing is written to disk by the skill itself. The SKILL.md recommends adding the @vercel/sandbox package (pnpm add), which is a normal dependency for the described workflow. No remote downloads or extract-from-URL installs are embedded in the skill bundle itself.
Credentials
The SKILL.md reads VERCEL_TOKEN, VERCEL_TEAM_ID, VERCEL_PROJECT_ID, and AGENT_BROWSER_SNAPSHOT_ID — sensitive credentials/config — but the skill metadata lists no required env vars or a primary credential. Requesting Vercel tokens is proportionate to creating sandboxes, but it should be declared in the registry with guidance on minimum scopes. The lack of declared env requirements is inconsistent and could lead users to unknowingly supply broad credentials. Additionally, the skill will capture page contents and screenshots in the sandbox, which could expose sensitive data if misused.
Persistence & Privilege
The skill does not request persistent or elevated platform privileges (always is false). It instructs creating ephemeral sandbox VMs and stopping them after use. There is no indication it modifies other skills, system-wide agent settings, or requests permanent presence.
What to consider before installing
This skill appears to do what it says (run agent-browser inside Vercel sandbox VMs), but the runtime instructions expect Vercel credentials and an optional snapshot ID even though the registry metadata lists no required environment variables. Before installing or using it:
- Confirm the publisher/source and a homepage or repository for the skill and review @vercel/sandbox and agent-browser packages independently.
- Do not supply full-privilege org tokens. If you must provide VERCEL_TOKEN, create a least-privilege service token limited to sandbox creation and to the specific project/team, and rotate it regularly.
- Ask the publisher to declare required env vars (VERCEL_TOKEN, VERCEL_TEAM_ID, VERCEL_PROJECT_ID, AGENT_BROWSER_SNAPSHOT_ID) and to document the exact token scopes needed.
- Review any sandbox snapshot contents before use, and prefer snapshots prepared by a trusted source.
- Be aware screenshots and accessibility snapshots capture page content; avoid sending the skill credentials or secrets for sites you don’t want captured.
If the publisher cannot explain why environment variables are not declared in the metadata or cannot supply a verifiable source, treat the skill with caution or avoid installing it.
Like a lobster shell, security has layers — review code before you run it.
