ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Browser Temp

v1.0.0

A fast Rust-based headless browser automation CLI with Node.js fallback that enables AI agents to navigate, click, type, and snapshot pages via structured co...

0· 171·1 current·4 all-time
by@liguang00806·fork of @thesethrose/agent-browser (0.2.0)
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (headless browser automation CLI) match the declared required binaries (node, npm) and the SKILL.md which documents the agent-browser CLI. The declared purpose reasonably explains the commands and interactions included in the instructions.
Instruction Scope
SKILL.md instructs the agent to run many agent-browser CLI commands (navigate, click, fill, snapshot, record, set cookies/storage/headers, upload files). Those actions are expected for a browser automation tool, but they give the agent broad ability to interact with arbitrary web content, read/modify cookies and storage, and record sessions — which could expose sensitive data if used against authenticated or internal sites. The instructions do not tell the agent to read local host files or undeclared environment variables.
Install Mechanism
This is an instruction-only skill with no install spec; SKILL.md recommends installing agent-browser from npm (or GitHub source). Relying on an external npm package is expected for this skill, but you should verify the package's origin and integrity before running global installs. There is no embedded download URL or extract step inside the skill bundle itself.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. That aligns with a CLI wrapper: the runtime tool may accept credentials as arguments but the skill itself does not request unrelated secrets.
Persistence & Privilege
always is false and the skill does not request permanent presence or system-level configuration changes. It simply documents CLI usage and does not attempt to modify other skills or system-wide settings.
Assessment
This skill is internally consistent: it documents using an external CLI (agent-browser) and requires node/npm. Before installing/using it, verify the upstream agent-browser npm package and GitHub repository (publisher, recent releases, README, and issues) to ensure you trust the code. Prefer installing and testing in an isolated environment (or container/VM) rather than globally on your main system. Be cautious when automating authenticated or internal sites: the tool can read cookies, localStorage, and take recordings or screenshots — do not point it at sensitive pages unless you trust the tool and its installation source.

Like a lobster shell, security has layers — review code before you run it.

latestvk97axv0c052cgjzwnh2cee0gax82vd8d

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🌐 Clawdis
Binsnode, npm

Comments