Agent Browser Clawdbot
Security checks across malware telemetry and agentic risk
Overview
This is a coherent browser automation skill, but it deserves review because it can automate logged-in websites and save or reuse cookies/session data without clear scoping or retention safeguards.
Review this skill before installing. It shows no evidence of malicious behavior, but it gives an agent a powerful browser automation workflow and encourages saving login state. Only use it with trusted sites, protect any auth.json or session files, do not store them in shared repositories, and require confirmation before actions that change accounts, submit forms, post content, or spend money.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used on logged-in or sensitive sites, the agent could click buttons, fill forms, or change page/network behavior as the current browser user.
The skill exposes browser actions that can submit forms, change account state, or alter network behavior. This is expected for a browser automation skill, but it is powerful and broadly scoped.
agent-browser click @e2
agent-browser fill @e3 "text"
agent-browser press "Enter"
agent-browser network route "**/api/*" --body '{"x":1}'
Use this only on intended sites and require explicit user approval before purchases, postings, account changes, destructive actions, or traffic mocking.
Saved auth files may let future runs act as the user on logged-in websites, and anyone with access to those files could potentially reuse the session.
The skill explicitly supports saving, loading, and reading browser cookies/storage, which can carry logged-in account authority. The artifacts do not define domain limits, approval requirements, retention, or protection for these auth files.
agent-browser state save auth.json # Save cookies/storage
agent-browser state load auth.json # Load (skip login)
...
agent-browser cookies # Get all
Only save auth state for trusted, intended sites; store auth files securely; avoid checking them into projects; delete them when no longer needed; and require confirmation before using saved sessions.
The actual installed CLI and browser dependencies are outside the provided artifacts, so their behavior is not verified by this review.
The skill asks the user to install a global npm package and download browser/system dependencies, but the reviewed skill package contains no code or pinned install specification for those components.
npm install -g agent-browser
agent-browser install # Download Chromium
agent-browser install --with-deps # Linux: + system deps
Install only from the expected upstream package, verify the package name and publisher, prefer pinned versions where possible, and review the upstream project before use.
A later agent session could reuse old logged-in state or act under the wrong account if auth files are shared, stale, or mislabeled.
The skill recommends persistent browser state reuse. Persisted cookies/storage can carry sensitive account context into later tasks, but the artifacts do not describe isolation, expiration, cleanup, or cross-task reuse controls.
### State Persistence
agent-browser state save auth.json # Save cookies/storage
agent-browser state load auth.json # Load (skip login)
...
4. **Save auth state** - Skip login flows with `state save/load`
Use separate, clearly named auth-state files per site/account, keep them out of shared folders, rotate or delete them regularly, and avoid loading saved sessions unless the user explicitly requests it.
