Agent Browser Disabled
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This browser-automation skill is mostly purpose-aligned, but it gives an agent broad website-control and session/cookie access while relying on an externally installed, unpinned CLI with some package identity inconsistencies.
Install this only if you trust the agent-browser upstream package and are comfortable letting an agent drive a browser. Use a separate browser context or test account for sensitive sites, avoid exposing cookies/localStorage or credentials, and confirm any action that submits data, changes accounts, purchases items, posts content, or uploads files.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could interact with websites on your behalf, including submitting forms or uploading files, if you ask it to use this skill.
The skill deliberately exposes a broad browser automation CLI that can click, type, and upload files. This is aligned with the skill purpose, but it can perform high-impact web actions if used on real accounts or sensitive sites.
allowed-tools: Bash(agent-browser:*) ... agent-browser click @e1 ... agent-browser fill @e2 "text" ... agent-browser upload @e1 file.pdf
Use it only on sites and sessions where you are comfortable with agent-driven actions, and require explicit confirmation before purchases, account changes, posts, uploads, or submissions.
The agent may be able to view or modify session data for websites you are logged into through this browser context, which could expose account access or private page data.
The skill documents access to cookies, localStorage, and HTTP credentials. These can contain or grant access to authenticated sessions, but the artifacts do not clearly bound which sessions are used, what cookie/storage output may contain, or when the agent should avoid exposing it.
Recording creates a fresh context but preserves cookies/storage from your session ... agent-browser cookies # Get all cookies ... agent-browser storage local # Get all localStorage ... agent-browser set credentials user pass
Avoid using this skill with sensitive logged-in sessions unless necessary. Clear cookies/storage when done, and do not ask the agent to print or share cookies, localStorage, credentials, or headers.
You may install and trust code whose exact version and provenance are not fixed by the skill artifacts, which matters because the CLI controls browser sessions and can access cookies/storage.
The skill relies on an externally installed global CLI and source checkout without pinning a package version or commit. The registry says the skill is 'agent-browser-disabled' version 1.0.0, while _meta.json identifies slug 'agent-browser' version 0.2.0, creating a provenance and identity mismatch.
npm install -g agent-browser ... git clone https://github.com/vercel-labs/agent-browser ... pnpm install ... pnpm build
Install only from a trusted upstream, pin the npm package or Git commit when possible, and verify that the skill identity and upstream package match what you intend to use.