Agent Browser 0.2.0
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used on sensitive sites, the agent could perform real web actions such as changing settings, submitting forms, or uploading a selected file.
The skill grants the agent access to a broad browser automation CLI. This matches the purpose, but the commands can click, type, submit, and upload files on websites.
allowed-tools: Bash(agent-browser:*) ... agent-browser click @e1 ... agent-browser fill @e2 "text" ... agent-browser upload @e1 file.pdf
Use it for clearly requested browser tasks, and review/confirm actions before account changes, purchases, posts, deletions, or file uploads.
The behavior ultimately depends on the installed agent-browser package, not just this skill documentation.
The actual executable is installed from npm or built from GitHub, and the reviewed skill contains no code files for that CLI. This is normal for a wrapper skill, but users are trusting the external package/source.
npm install -g agent-browser
agent-browser install
agent-browser install --with-deps
...
git clone https://github.com/vercel-labs/agent-browser
cd agent-browser
pnpm install
pnpm build
Install only from a trusted package/source, consider pinning a known version, and verify the upstream project before using it with important accounts or data.
If credentials are used on the wrong site or exposed in command history/output, protected account access could be affected.
The CLI can be given HTTP Basic Auth credentials. That is expected for browser automation, but credentials grant access to protected sites.
agent-browser set credentials user pass # HTTP basic auth
Only provide credentials for intended sites, avoid sharing secrets in prompts when possible, and clear or rotate credentials if they may have been exposed.
Session data from one browsing task could be visible in outputs or reused in later browser actions.
The browser context can retain and expose cookies or localStorage. This is useful for logged-in automation, but those values may include sensitive session data.
Recording creates a fresh context but preserves cookies/storage from your session
...
agent-browser cookies # Get all cookies
agent-browser storage local # Get all localStorage
Use separate browser contexts for sensitive work, avoid unnecessary cookie/storage inspection, and clear cookies/storage after tasks involving private accounts.
