ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Browser Core 1.0.1

v1.0.0

OpenClaw skill for the agent-browser CLI (Rust-based with Node.js fallback) enabling AI-friendly web automation with snapshots, refs, and structured commands.

0· 658·9 current·10 all-time
by@lion504
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the SKILL.md and reference docs: this is a playbook for using an external agent-browser CLI. The skill does not request unrelated credentials or system resources, and its required inputs (installed CLI, browser runtime, target URLs, session strategy) are appropriate for the stated purpose.
Instruction Scope
Instructions stay within the domain of driving a browser CLI and include sensible safety guardrails (disallow eval, file access, proxy, etc.). They reference saving/loading state and treat state files as secrets — that's expected but increases sensitivity of any persisted state. The SKILL.md instructs the user to install the CLI (npm), but the skill bundle itself contains no install or execution directives, so the agent will rely on a separately installed binary.
Install Mechanism
There is no install spec in the skill (lowest risk). However the docs recommend using `npm install -g agent-browser@<version>` and `agent-browser install` to provision runtimes; those are external actions the user/agent must perform. Because no code or remote downloads are bundled, the skill itself does not perform any installation, but you should ensure the CLI is installed from an official, pinned source before use.
Credentials
The skill requests no environment variables or credentials. It documents features that handle secrets (state files, cookies, credentials) and advises treating them as sensitive, which is proportional to browser automation use. No unrelated SECRET/TOKEN env vars are requested.
Persistence & Privilege
always is false and disable-model-invocation is false (normal). The skill does not request persistent system-level privileges or attempt to modify other skills or global agent configuration. Autonomous invocation by the agent is allowed by platform default but not excessive here.
Assessment
This skill is a documentation/playbook for an external CLI and appears coherent and benign. Before installing/using the recommended agent-browser CLI: 1) obtain and pin a trusted release (verify the upstream source) rather than installing an unverified package; 2) run the CLI in a restricted environment or container and follow the included safe-mode checklist (block localhost/private networks, disallow eval/--allow-file-access unless explicitly needed); 3) treat saved state files and cookies as secrets and rotate/remove them when finished; 4) note a minor manifest inconsistency (the included _meta.json owner/version differs from the registry metadata) — verify the publisher/slug before trusting the package.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e384k4rad1nnym70w62zbss81svsy

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments