Agent Browser
v0.1.0Browser automation CLI for AI agents. Use when the user needs to interact with websites, including navigating pages, filling forms, clicking buttons, taking...
⭐ 0· 242·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (browser automation CLI) matches the content: SKILL.md, command reference, session/auth templates, proxy and profiling docs, and example workflows all implement browser automation features. The included templates and references are appropriate for the claimed purpose; nothing in the package unexpectedly asks for unrelated cloud credentials or unrelated system-level access.
Instruction Scope
The instructions allow powerful actions appropriate to browser automation: loading/saving session state (plaintext tokens), connecting to a running Chrome via CDP (--remote-debugging-port), evaluating arbitrary JavaScript (via --stdin / base64), intercepting and mocking network requests, configuring proxies, and persisting profiles. Those capabilities are coherent with the purpose but also permit exfiltration or broad access to local browser data if misused — the docs explicitly describe saving/loading state files and importing browser cookies, which are sensitive operations.
Install Mechanism
The skill is instruction-only (no install spec), which is low technical risk for the skill bundle. However the SKILL.md tells users to install an external "agent-browser" CLI (npm/brew/cargo) and to run `agent-browser install` to download Chrome. Installing and running that external binary is a separate trust decision: verify the provenance and contents of the agent-browser package before installing it on your machine.
Credentials
The registry metadata lists no required env vars, which is reasonable for an instruction-only skill. The documentation and templates reference several environment variables (APP_USERNAME, APP_PASSWORD, AGENT_BROWSER_ENCRYPTION_KEY, AGENT_BROWSER_PROFILE, HTTP_PROXY/HTTPS_PROXY, etc.). Those variables are relevant to browser automation but are not declared in the registry metadata — treat them as optional inputs the templates may read. Be cautious about supplying secrets in env vars or saving them in persistent session files.
Persistence & Privilege
The skill does not request always:true and is not force-included; autonomous invocation is enabled by default (normal). The workflows intentionally persist session/profile state and recommend saving auth state to disk; this is expected for the feature set but means sensitive session tokens/cookies can be stored on disk. The docs also recommend connecting to a running Chrome via remote-debugging which exposes full browser control to local processes — a normal capability for automation but a security-sensitive one.
Assessment
This skill is internally consistent with a browser-automation tool, but before using it: 1) Vet and install the external "agent-browser" CLI from a trusted source (npm/brew/cargo package) — the skill only documents commands and expects that binary to exist. 2) Be careful importing browser auth or using --remote-debugging-port: those actions give full access to your browser cookies, localStorage, and active sessions. 3) Treat saved state files as highly sensitive (they contain session tokens in plaintext by default): add them to .gitignore, delete when done, or set AGENT_BROWSER_ENCRYPTION_KEY if you use encryption. 4) Avoid storing passwords in code or committed files; use an auth vault or environment variables and protect those values. 5) Review templates (authenticated-session.sh, capture-workflow.sh, form-automation.sh) before running — they reference APP_USERNAME/APP_PASSWORD and will run agent-browser commands that can read/write files and network. 6) If you need to restrict blast radius, run automation in an isolated/ephemeral environment (container, VM) and avoid connecting your personal browser session. 7) If you require higher assurance, ask the publisher for the agent-browser source or prefer a CLI from a known upstream project.Like a lobster shell, security has layers — review code before you run it.
latestvk97d6ah41fay4pfby1q9mbt89x82wjw2
License
MIT-0
Free to use, modify, and redistribute. No attribution required.