ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Browser Clawdbot 0.1.0

Headless browser automation CLI optimized for AI agents with accessibility tree snapshots and ref-based element selection

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 63 · 4 current installs · 4 all-time installs
by@ddbq
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md describes a headless browser automation CLI (agent-browser) and the commands it needs; that capability aligns with the skill name and description. However the skill metadata embedded in SKILL.md declares a required command ('agent-browser') while the registry metadata lists no required binaries — this mismatch is an inconsistency. The homepage points at a GitHub repo, but the registry 'Source' is unknown.
Instruction Scope
Instructions are focused on invoking the agent-browser CLI and staying within browser automation tasks (navigation, snapshots, interactions, network control, state save/load). These commands legitimately read and write local files (e.g., state save/load auth.json) and control network requests — expected for a browser automation tool but also means the agent could access sensitive local session files or exfiltrate data if misused. The SKILL.md references an environment variable example (AGENT_BROWSER_SESSION) that is not declared elsewhere.
Install Mechanism
This is an instruction-only skill with no install spec. SKILL.md suggests installing via 'npm install -g agent-browser' and running 'agent-browser install' to download Chromium and deps. That is a reasonable, common install path for a CLI, but the registry provides no formal install step — the agent or user must install the CLI separately. No URL-based or high-risk installer is present in the package itself.
Credentials
The skill does not request credentials or environment variables in the registry. The SKILL.md shows an optional AGENT_BROWSER_SESSION env example and uses local state files, which is proportionate to browser automation. There are no unexplained credentials or extraneous env var requests.
Persistence & Privilege
Flags are default (always: false, user-invocable true, autonomous invocation allowed). The skill does not request permanent presence or modify other skills. No persistence or privilege escalation behavior is declared.
Scan Findings in Context
[empty-scan] expected: The regex scanner had no code files to analyze because this is an instruction-only skill (SKILL.md only). That's expected for many skills but means static analysis found nothing.
What to consider before installing
This skill is an instruction-only wrapper around a CLI called 'agent-browser'. Before installing or using it: 1) Verify you trust the 'agent-browser' npm package and its GitHub repo (check publisher identity and recent releases). 2) Be aware this tool can load and save local auth files (auth.json, admin-auth.json) and access cookies/localStorage — do not load secrets or production auth files unless you trust the environment. 3) The SKILL.md expects the 'agent-browser' CLI to be installed (npm install -g agent-browser) and may download Chromium and system deps; run installs in a sandbox or review the package contents first. 4) Note the metadata inconsistencies (registry lists no required binaries while SKILL.md declares a required command, and the embedded _meta.json ownerId differs from the registry ownerId) — confirm the publisher identity before proceeding. 5) If you want to be cautious: install and run the CLI in an isolated VM/container, inspect the npm package source, and avoid loading sensitive state files into automated runs.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk977a052ne1fv0qrjp7c55ccgx82vb9h

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🌐 Clawdis

SKILL.md

Agent Browser Skill

Fast browser automation using accessibility tree snapshots with refs for deterministic element selection.

Why Use This Over Built-in Browser Tool

Use agent-browser when:

  • Automating multi-step workflows
  • Need deterministic element selection
  • Performance is critical
  • Working with complex SPAs
  • Need session isolation

Use built-in browser tool when:

  • Need screenshots/PDFs for analysis
  • Visual inspection required
  • Browser extension integration needed

Core Workflow

# 1. Navigate and snapshot
agent-browser open https://example.com
agent-browser snapshot -i --json

# 2. Parse refs from JSON, then interact
agent-browser click @e2
agent-browser fill @e3 "text"

# 3. Re-snapshot after page changes
agent-browser snapshot -i --json

Key Commands

Navigation

agent-browser open <url>
agent-browser back | forward | reload | close

Snapshot (Always use -i --json)

agent-browser snapshot -i --json          # Interactive elements, JSON output
agent-browser snapshot -i -c -d 5 --json  # + compact, depth limit
agent-browser snapshot -s "#main" -i      # Scope to selector

Interactions (Ref-based)

agent-browser click @e2
agent-browser fill @e3 "text"
agent-browser type @e3 "text"
agent-browser hover @e4
agent-browser check @e5 | uncheck @e5
agent-browser select @e6 "value"
agent-browser press "Enter"
agent-browser scroll down 500
agent-browser drag @e7 @e8

Get Information

agent-browser get text @e1 --json
agent-browser get html @e2 --json
agent-browser get value @e3 --json
agent-browser get attr @e4 "href" --json
agent-browser get title --json
agent-browser get url --json
agent-browser get count ".item" --json

Check State

agent-browser is visible @e2 --json
agent-browser is enabled @e3 --json
agent-browser is checked @e4 --json

Wait

agent-browser wait @e2                    # Wait for element
agent-browser wait 1000                   # Wait ms
agent-browser wait --text "Welcome"       # Wait for text
agent-browser wait --url "**/dashboard"   # Wait for URL
agent-browser wait --load networkidle     # Wait for network
agent-browser wait --fn "window.ready === true"

Sessions (Isolated Browsers)

agent-browser --session admin open site.com
agent-browser --session user open site.com
agent-browser session list
# Or via env: AGENT_BROWSER_SESSION=admin agent-browser ...

State Persistence

agent-browser state save auth.json        # Save cookies/storage
agent-browser state load auth.json        # Load (skip login)

Screenshots & PDFs

agent-browser screenshot page.png
agent-browser screenshot --full page.png
agent-browser pdf page.pdf

Network Control

agent-browser network route "**/ads/*" --abort           # Block
agent-browser network route "**/api/*" --body '{"x":1}'  # Mock
agent-browser network requests --filter api              # View

Cookies & Storage

agent-browser cookies                     # Get all
agent-browser cookies set name value
agent-browser storage local key           # Get localStorage
agent-browser storage local set key val

Tabs & Frames

agent-browser tab new https://example.com
agent-browser tab 2                       # Switch to tab
agent-browser frame @e5                   # Switch to iframe
agent-browser frame main                  # Back to main

Snapshot Output Format

{
  "success": true,
  "data": {
    "snapshot": "...",
    "refs": {
      "e1": {"role": "heading", "name": "Example Domain"},
      "e2": {"role": "button", "name": "Submit"},
      "e3": {"role": "textbox", "name": "Email"}
    }
  }
}

Best Practices

  1. Always use -i flag - Focus on interactive elements
  2. Always use --json - Easier to parse
  3. Wait for stability - agent-browser wait --load networkidle
  4. Save auth state - Skip login flows with state save/load
  5. Use sessions - Isolate different browser contexts
  6. Use --headed for debugging - See what's happening

Example: Search and Extract

agent-browser open https://www.google.com
agent-browser snapshot -i --json
# AI identifies search box @e1
agent-browser fill @e1 "AI agents"
agent-browser press Enter
agent-browser wait --load networkidle
agent-browser snapshot -i --json
# AI identifies result refs
agent-browser get text @e3 --json
agent-browser get attr @e4 "href" --json

Example: Multi-Session Testing

# Admin session
agent-browser --session admin open app.com
agent-browser --session admin state load admin-auth.json
agent-browser --session admin snapshot -i --json

# User session (simultaneous)
agent-browser --session user open app.com
agent-browser --session user state load user-auth.json
agent-browser --session user snapshot -i --json

Installation

npm install -g agent-browser
agent-browser install                     # Download Chromium
agent-browser install --with-deps         # Linux: + system deps

Credits

Skill created by Yossi Elkrief (@MaTriXy)

agent-browser CLI by Vercel Labs

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…