Agent Browser
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill matches its browser-automation purpose, but users should review it carefully because it relies on an externally installed CLI with unclear provenance and can access browser cookies/session storage.
Install only if you trust the external agent-browser npm package and can verify the publisher/source. Use a separate browser session or disposable profile, avoid sensitive logged-in accounts unless necessary, and require confirmation before the agent submits forms, uploads files, or changes account data.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may not be able to tell whether the reviewed skill is the same package/version they are installing or enabling.
The included artifact identity differs from the registry metadata supplied for review, which lists owner ID kn71xqh9jzmk8ce9vct30z9h89830van, slug agent-browser100, and version 1.0.0. This creates a provenance and package-identity ambiguity.
"ownerId": "kn72ce44tqw8bnnnewrn1s5x3s7yz7sq", "slug": "agent-browser", "version": "0.2.0"
Verify the publisher and package identity before installing, and prefer a skill package whose registry metadata, _meta.json, source URL, and version all match.
Installing the skill may require trusting the external npm package and any browser/dependency installation it performs.
The skill depends on an external global npm package and follow-up installer rather than included reviewed code or a pinned install spec. This is common for a CLI wrapper, but it means most executable behavior is outside the provided artifacts.
npm install -g agent-browser
agent-browser install
agent-browser install --with-deps
Install only after checking the upstream package, pin versions where possible, and avoid running install commands from an untrusted source.
If used on logged-in websites, the agent may be able to access or reuse active web sessions and sensitive site data.
Cookies and localStorage can contain account session tokens and private site state. The documentation exposes commands to read them and says they are preserved, but it does not clearly bound which browser profile/session is used, how long data persists, or when the agent should avoid accessing it.
Recording creates a fresh context but preserves cookies/storage from your session.
...
agent-browser cookies # Get all cookies
...
agent-browser storage local # Get all localStorage
Use a dedicated disposable browser profile for this tool, avoid sensitive logged-in sites unless necessary, and clear cookies/storage after use.
The agent could submit forms, change settings, or upload a file if directed to do so on a live website.
The tool lets an agent click, type, fill forms, and upload files on websites. These actions are central to browser automation, but they can have real account or public-web effects depending on the site.
agent-browser click @e1
...
agent-browser fill @e2 "text"
...
agent-browser upload @e1 file.pdf
Require explicit user confirmation before submissions, purchases, account changes, public posts, or file uploads on sensitive sites.
