Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Browser Automation Clawdbot
v1.0.0Headless browser automation CLI optimized for AI agents with accessibility tree snapshots and ref-based element selection
⭐ 0· 153·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The SKILL.md describes an agent-browser CLI for headless browser automation which matches the skill name and description. However, metadata in SKILL.md declares a required command ('agent-browser') while the top-level registry requirements reported 'none' for required binaries — a small inconsistency. _meta.json owner/slug/version values also differ from the registry metadata, which suggests mismatched packaging or an outdated manifest.
Instruction Scope
The runtime instructions are limited to running the agent-browser CLI and parsing its JSON output. This stays within the stated purpose. Important scope items to note: the instructions include 'state save/load' (reading/writing auth JSON files), session env var usage (AGENT_BROWSER_SESSION), and commands that can intercept or mock network traffic. Those are expected for a browser automation tool but can expose or reuse sensitive credentials/cookies if the agent is told to load local state files.
Install Mechanism
This is an instruction-only skill with no platform install spec, but SKILL.md recommends 'npm install -g agent-browser' and running 'agent-browser install' to download Chromium. That is a typical install path for such a tool, but it requires installing a third-party npm package and downloading a browser binary — both are moderate-risk operations that should be vetted (verify npm package, registry publisher, and the upstream GitHub repo) before running on a machine with sensitive data.
Credentials
The skill does not declare required environment variables or credentials, which is appropriate. The instructions reference an optional AGENT_BROWSER_SESSION env var and file-based state (auth.json) for session persistence; these are proportional to a browser automation tool but mean local files containing cookies/storage could be loaded, so treat state files as sensitive.
Persistence & Privilege
The skill does not request always:true and is not asking to modify other skills or system-wide settings. It is user-invocable and allows autonomous invocation (platform default). Nothing here grants elevated, permanent privileges beyond normal agent invocation.
Assessment
This skill appears to be what it claims: documentation for using the 'agent-browser' CLI. Before installing or running it, verify the upstream package/repo (npm and the GitHub homepage) to ensure you trust the publisher. Be cautious with the recommended 'npm install -g' and with running 'agent-browser install' (which downloads Chromium). Treat any state files (auth.json) as sensitive — do not load third-party-provided auth state, and avoid saving session state that contains cookies or tokens you care about. Also note the small manifest inconsistencies (declared required command vs. registry metadata, and differing owner/slug in _meta.json); these suggest you should confirm the skill package's provenance before use. If you want a lower-risk setup, run installs in an isolated environment or sandbox and review the package source on GitHub first.Like a lobster shell, security has layers — review code before you run it.
latestvk9705vbysq13t3tfw3hmpmbep583z34w
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🌐 Clawdis