my-browser-bot

v1.0.4

Browser automation CLI for AI agents. Use when the user needs to interact with websites, including navigating pages, filling forms, clicking buttons, taking...

⭐ 0· 113·0 current·0 all-time

by@handongpu16

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

medium confidence

✓

Purpose & Capability

The name and description (browser automation) match the instructions: navigate pages, snapshot DOM, click/fill elements, take screenshots, and download files. Requiring an external CLI and Chromium is coherent for this purpose.

ℹ

Instruction Scope

SKILL.md tells the agent to run a pipx install of 'mybrowser-skill' and then run many browser actions (navigate arbitrary URLs, click elements, download files, save screenshots to temp files). These actions are expected for a browser automation tool, but they also imply the agent will access arbitrary web content and local temp files — review how the installed tool handles data, network I/O, and filesystem writes.

!

Install Mechanism

The skill is instruction-only but instructs users/agents to run 'pipx install mybrowser-skill' and to run 'mybrowser-skill install' which will download Chromium. Installing an unvetted PyPI package and downloading a browser binary are moderate risks because the exact sources/URLs and package provenance are not specified.

✓

Credentials

No environment variables, credentials, or config paths are requested. The lack of required secrets is proportionate to the declared functionality.

✓

Persistence & Privilege

The skill is not set to always:true and does not request elevated platform-wide privileges. Autonomous invocation is allowed (default) but not combined with other concerning flags.

Assessment

This skill appears to do what it says, but before installing: (1) verify the package source — check the PyPI package page or the source repository and author identity; (2) inspect the package code or review its repo for how it downloads Chromium (which host/URL and checksum); (3) install and run it in a sandboxed environment or container first, not on a sensitive machine; (4) avoid giving the tool any secrets or credentials and be cautious when automating actions on pages that contain private data; (5) prefer alternatives with clear provenance or an official homepage if you cannot verify this package. If you can provide the package's homepage or repository, I can reassess with higher confidence.

Like a lobster shell, security has layers — review code before you run it.

latestvk971gyh6vftwkvzwr7svpbqycx835a10

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

my-browser-bot

License

Comments