My Agent Browser
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: my-agent-browser Version: 1.0.0 The skill bundle provides a comprehensive and well-documented interface for the 'agent-browser' CLI, a legitimate tool for headless browser automation. It includes standard commands for web navigation, interaction, and session management (such as cookie handling and state saving). While the tool inherently possesses high-risk capabilities like JavaScript execution and session data access, these are strictly aligned with its stated purpose of web automation and lack any indicators of malicious intent, unauthorized data exfiltration, or prompt injection in SKILL.md.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used on real accounts or sensitive sites, the agent could perform meaningful web actions unless the user supervises what it does.
The wildcard tool grant is purpose-aligned for a browser automation skill, but it lets the agent drive pages, fill inputs, and upload files through the CLI.
allowed-tools: Bash(agent-browser:*) ... agent-browser click @e1 ... agent-browser fill @e2 "text" ... agent-browser upload @e1 file.pdf
Use it only for sites and actions you authorize, and require explicit confirmation before logins, uploads, purchases, posts, deletions, or account changes.
The agent may be able to read or reuse web session state, which could affect logged-in accounts or expose sensitive session data in outputs.
Cookies, localStorage, and HTTP credentials can carry account identity/session access, but the artifacts do not clearly bound which browser profile, domains, outputs, or retention rules apply.
Recording creates a fresh context but preserves cookies/storage from your session. ... agent-browser cookies ... # Get all cookies ... agent-browser storage local ... # Get all localStorage ... agent-browser set credentials user pass # HTTP basic auth
Run it in a dedicated browser context or test account, avoid personal logged-in sessions, clear cookies/storage between tasks, and do not provide credentials unless necessary.
You are trusting the external npm package and whatever dependencies it installs, not just the small instruction-only skill wrapper.
The setup relies on a globally installed external npm CLI and browser dependency installation. This is expected for the skill purpose, but the version is not pinned in the instructions.
npm install -g agent-browser agent-browser install agent-browser install --with-deps
Verify the upstream package/repository, pin a trusted version where possible, and install in a controlled environment.
The mismatch makes it harder to tell which package/version/maintainer is actually responsible for the skill.
The included metadata conflicts with the registry information shown for this submission, which lists a different owner ID, slug `my-agent-browser`, and version `1.0.0`.
"ownerId": "kn72ce44tqw8bnnnewrn1s5x3s7yz7sq", "slug": "agent-browser", "version": "0.2.0"
Resolve the registry and _meta.json identity/version mismatch before relying on the skill in sensitive workflows.