Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
AgentBrowser
v1.0.0
A fast Rust-based headless browser automation CLI with Node.js fallback that enables AI agents to navigate, click, type, and snapshot pages via structured co...
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (Rust-based headless browser with Node fallback) generally fits an npm-distributed CLI wrapper. Requiring node/npm is reasonable for the documented npm installation. However, there are metadata mismatches: the registry ownerId/version (1.0.0) differ from the _meta.json ownerId/version (0.2.0), and the skill lists no homepage/source while SKILL.md references a GitHub repo (https://github.com/vercel-labs/agent-browser). The 'From Source' instructions use git and pnpm, but those binaries are not declared as required. These provenance and dependency omissions reduce confidence in the package's origin and build assumptions.
Instruction Scope
SKILL.md stays within browser automation functionality (open, snapshot, click, fill, screenshot, record, etc.). It does not instruct reading arbitrary system files or hidden configs. However the CLI commands enable operations that touch local data and credentials (upload <file>, cookies/storage manipulation, set credentials, set headers), which could be used to read or transmit local files or secrets if misused. The instructions are explicit about those features but do not constrain how they're used, so an agent with autonomy could perform broad I/O using this tool.
Install Mechanism
This is an instruction-only skill (no install spec in registry). SKILL.md recommends npm install -g agent-browser (and a source build path using git/pnpm), which means installing from the public npm registry or building from GitHub. Installing globally via npm is a normal pattern for CLIs, but it performs an external network fetch and writes binaries. The instructions reference pnpm/git without declaring them as required, and the skill provides no signed homepage or verified source URL in the metadata — this is a provenance gap to verify before running the global install.
Credentials
The skill declares no required environment variables or primary credential, which matches the static metadata. At runtime the CLI supports setting credentials, headers, and HTTP auth via commands, but these are user-invoked features (not requested up front). The absence of requested env vars is reasonable, but because the CLI can accept credentials/headers and upload local files, users should be cautious about what the agent is allowed to instruct the CLI to do.
Persistence & Privilege
The skill does not request always:true and is user-invocable. It is not asking for persistent platform-level privileges in the metadata. Installing the npm CLI will create a global binary, which is normal for CLI wrappers.
Scan Findings in Context
[no_regex_matches] expected: The static scanner found no code to analyze because this is an instruction-only skill (only SKILL.md and docs). This is expected, but it means the scanner could not validate the runtime artifacts that npm would install.
What to consider before installing
Before installing or invoking this skill: (1) Verify the package source on npm and the referenced GitHub repository (confirm the publisher and package contents match what the SKILL.md claims). (2) Prefer installing into an isolated environment (container or VM) rather than globally until provenance is confirmed. (3) Be aware the CLI can upload local files, set HTTP headers/credentials, and manipulate cookies/storage — avoid giving the agent autonomous permission to run commands that upload files or supply secrets. (4) Note metadata inconsistencies (mismatched ownerId/version and missing homepage); ask the skill author for a trustworthy source URL or signed package if you need higher assurance. (5) If you build from source, ensure you have git and pnpm installed and that their use is acceptable; these binaries were not declared in the skill metadata.
Like a lobster shell, security has layers — review code before you run it.
latestvk978mjeyrv3813t6xryvk0zv6d84d9at
Runtime requirements
🌐 Clawdis
Bins: node, npm
