Agent Browser Temp
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This browser-automation skill is mostly coherent, but it gives an agent broad web-control powers and access to browser cookies/storage without clear safety boundaries.
Review before installing. This looks like a legitimate browser-automation wrapper, but use it carefully: install only a trusted version of the external CLI, run it in a separate browser/session when possible, and require explicit confirmation before it acts on logged-in accounts, uploads files, or reveals cookies/localStorage.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could interact with websites in ways that submit forms, upload files, or change account state if used on logged-in or sensitive pages.
The skill permits broad browser-control commands, including clicking, typing into forms, and uploading files. These are purpose-aligned, but the artifacts do not define approval boundaries for sensitive web actions.
allowed-tools: Bash(agent-browser:*) ... agent-browser click @e1 ... agent-browser fill @e2 "text" ... agent-browser upload @e1 file.pdf
Use this only with clear user direction, and require explicit confirmation before purchases, account changes, public posts, file uploads, or other sensitive actions.
The agent may be able to read or reuse session data for logged-in websites, which could expose tokens or let actions occur as the user.
Cookies, localStorage, and HTTP credentials can contain or confer account access. The skill documents access to these values but does not clearly scope which credentials/session data may be used or displayed.
Recording creates a fresh context but preserves cookies/storage from your session. ... agent-browser cookies # Get all cookies ... agent-browser storage local # Get all localStorage ... agent-browser set credentials user pass
Run it in a separate browser profile or disposable session, avoid using it on sensitive logged-in accounts unless necessary, and do not expose cookie/storage output to untrusted contexts.
You are trusting the external npm package and its installed browser/dependencies, not just the small skill wrapper shown here.
The skill is instruction-only and directs users to install an external global npm CLI and its dependencies. This is central to the skill's purpose, but the install is unpinned and the reviewed artifacts do not include the CLI code.
npm install -g agent-browser
agent-browser install
agent-browser install --with-deps
Verify the npm package and upstream repository, consider pinning a known version, and install in a sandboxed environment if possible.
