Agent Browser 0

Review

Audited by ClawScan on May 10, 2026.

Overview

This skill is a coherent browser automation wrapper, but it gives agents access to browser sessions, cookies, storage, and real website actions with unclear safety boundaries.

Install only if you trust the upstream agent-browser package. Use a separate browser profile or test account, avoid sensitive sites unless necessary, and require explicit approval before credential entry, authenticated actions, uploads, or reading cookies/localStorage.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent using this skill could submit forms, click account controls, or upload chosen files on websites if directed or if it misinterprets a task.

Why it was flagged

The allowed tool is scoped to the agent-browser CLI, but that CLI can drive browser clicks, text entry, and selected file uploads. This is purpose-aligned, but users should understand it can take real web actions.

Skill content

allowed-tools: Bash(agent-browser:*) ... agent-browser click @e1 ... agent-browser fill @e2 "text" ... agent-browser upload @e1 file.pdf

Recommendation

Use it with explicit user confirmation for purchases, submissions, account changes, public posting, or uploads.

What this means

The agent may act as the signed-in user on websites, which could affect accounts or expose authenticated sessions.

Why it was flagged

The skill can use credentials and preserve session state, but the artifacts do not clearly define which browser profile/session is used or how authenticated actions should be constrained.

Skill content

agent-browser set credentials user pass   # HTTP basic auth ... Recording creates a fresh context but preserves cookies/storage from your session.

Recommendation

Use isolated browser profiles or test accounts, and require explicit approval before using credentials or authenticated sessions.

What this means

Sensitive browser data could be shown to the agent or included in task context, increasing the risk of accidental disclosure or reuse.

Why it was flagged

Cookies and localStorage can contain sensitive session or account data. The artifacts disclose access but do not bound what is read, where it is stored, or how it is reused across tasks.

Skill content

agent-browser cookies                     # Get all cookies ... agent-browser storage local               # Get all localStorage

Recommendation

Avoid running cookie/storage commands on sensitive sites, clear browser state when finished, and prefer a dedicated profile with no personal accounts.

What this means

Installing the upstream package requires trusting the npm package and any dependencies it installs.

Why it was flagged

The installation path delegates to an unpinned global npm package and its installer. This is expected for a CLI wrapper, but the reviewed skill contains no bundled code to verify.

Skill content

npm install -g agent-browser
agent-browser install
agent-browser install --with-deps

Recommendation

Verify the npm package and upstream repository before installing, and consider pinning a known version.