Agent Browser Zc

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a coherent browser-automation wrapper, but it gives the agent broad web control and access to browser session data without clear scoping safeguards.

Install only if you are comfortable giving the agent a browser automation tool. Use separate test accounts or disposable browser sessions, avoid sensitive logged-in sites unless necessary, and require confirmation before cookie/storage access, form submission, purchases, posts, or file uploads.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
Medium
What this means

If used on logged-in or sensitive sites, the agent could expose or reuse session data in ways the user did not intend.

Why it was flagged

The skill explicitly documents commands that can read browser cookies and localStorage and preserve session state; these can contain authentication/session data, but the artifacts do not scope which sites, profiles, or outputs are safe.

Skill content

agent-browser cookies                     # Get all cookies
agent-browser storage local               # Get all localStorage
...
Recording creates a fresh context but preserves cookies/storage from your session.

Recommendation

Use a separate test browser context or account, avoid sensitive logged-in sessions, and require explicit confirmation before reading cookies/storage or using credentials.

ASI02: Tool Misuse and Exploitation
Medium
What this means

The agent can click, type, submit forms, and upload files through the browser, which may affect real websites or accounts.

Why it was flagged

The wildcard tool allowance lets the agent invoke the full agent-browser CLI, including state-changing page interactions and user-selected file uploads. This is purpose-aligned, but broad.

Skill content

allowed-tools: Bash(agent-browser:*)
...
agent-browser click @e1
agent-browser fill @e2 "text"
agent-browser upload @e1 file.pdf

Recommendation

Supervise state-changing actions, restrict use to intended sites/files, and ask the agent to confirm before submitting forms, purchases, posts, or uploads.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Your security depends on the external agent-browser package and its dependencies, not just this skill file.

Why it was flagged

The skill is instruction-only and relies on installing external, unpinned code from npm or source; the actual package code is not included in the reviewed artifacts.

Skill content

npm install -g agent-browser
agent-browser install
agent-browser install --with-deps
...
git clone https://github.com/vercel-labs/agent-browser
cd agent-browser
pnpm install
pnpm build

Recommendation

Install only from a trusted source, consider pinning a known-good version, and review the external package before using it on sensitive sites.