自我智能改进体
ReviewAudited by ClawScan on May 11, 2026.
Overview
This is mostly a browser automation skill, but its provenance and install metadata are inconsistent and it asks users to install an unpinned global CLI/browser dependency.
Before installing, confirm that the agent-browser package is the intended official package and pin a trusted version. If you use it, supervise actions on logged-in sites and protect any saved auth-state files.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the dependency could run and trust external code that was not included in the reviewed skill artifacts.
The skill depends on an external CLI and instructs a global, unpinned npm install plus a Chromium download, while the homepage/provenance metadata does not clearly point to the credited package source.
metadata: {"clawdbot":{"emoji":"🌐","requires":{"commands":["agent-browser"]},"homepage":"https://www.sztv.com.cn/ysz/zx/zw/80706997.shtml"}} ... npm install -g agent-browser ... agent-browser installVerify the npm package, maintainer, repository, and version before installation; prefer a pinned version and an official project source.
An agent using this skill could submit forms, click account controls, or change web workflows during an automation task.
The skill exposes broad browser interaction and network-mocking commands. These are central to browser automation, but they can alter website state if used on sensitive pages.
agent-browser click @e2
agent-browser fill @e3 "text"
agent-browser network route "**/api/*" --body '{"x":1}'Use it only for intended browser tasks and require explicit review before actions that submit data, change settings, buy items, delete content, or publish publicly.
Saved auth files or exposed cookies could allow continued access to logged-in websites if mishandled.
The skill documents saving/loading browser authentication state and reading cookies, which is expected for session-based automation but involves account access material.
agent-browser state save auth.json # Save cookies/storage agent-browser state load auth.json # Load (skip login) agent-browser cookies # Get all
Store auth-state files securely, avoid sharing them, delete them when no longer needed, and do not use this on accounts where automated access is not intended.