My Agent Browser
ReviewAudited by ClawScan on May 10, 2026.
Overview
This is a plausible browser automation skill, but it deserves review because it can operate authenticated web sessions and its package/provenance information is unclear.
Install only if you trust the upstream agent-browser package and can verify the provenance. Prefer a sandboxed environment, a separate browser profile, and test accounts. Do not use personal logged-in sessions or credentials unless you are comfortable with the agent reading and acting through that session, and require confirmation before any upload, post, purchase, deletion, or account-changing action.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used on real accounts or sensitive sites, the agent could perform meaningful web actions unless the user supervises what it does.
The wildcard tool grant is purpose-aligned for a browser automation skill, but it lets the agent drive pages, fill inputs, and upload files through the CLI.
allowed-tools: Bash(agent-browser:*) ... agent-browser click @e1 ... agent-browser fill @e2 "text" ... agent-browser upload @e1 file.pdf
Use it only for sites and actions you authorize, and require explicit confirmation before logins, uploads, purchases, posts, deletions, or account changes.
The agent may be able to read or reuse web session state, which could affect logged-in accounts or expose sensitive session data in outputs.
Cookies, localStorage, and HTTP credentials can carry account identity/session access, but the artifacts do not clearly bound which browser profile, domains, outputs, or retention rules apply.
Recording creates a fresh context but preserves cookies/storage from your session. ... agent-browser cookies ... # Get all cookies ... agent-browser storage local ... # Get all localStorage ... agent-browser set credentials user pass # HTTP basic auth
Run it in a dedicated browser context or test account, avoid personal logged-in sessions, clear cookies/storage between tasks, and do not provide credentials unless necessary.
You are trusting the external npm package and whatever dependencies it installs, not just the small instruction-only skill wrapper.
The setup relies on a globally installed external npm CLI and browser dependency installation. This is expected for the skill purpose, but the version is not pinned in the instructions.
npm install -g agent-browser agent-browser install agent-browser install --with-deps
Verify the upstream package/repository, pin a trusted version where possible, and install in a controlled environment.
The mismatch makes it harder to tell which package/version/maintainer is actually responsible for the skill.
The included metadata conflicts with the registry information shown for this submission, which lists a different owner ID, slug `my-agent-browser`, and version `1.0.0`.
"ownerId": "kn72ce44tqw8bnnnewrn1s5x3s7yz7sq", "slug": "agent-browser", "version": "0.2.0"
Resolve the registry and _meta.json identity/version mismatch before relying on the skill in sensitive workflows.