Agent Browser (MikeFaierberg)
PassAudited by VirusTotal on May 6, 2026.
Overview
Type: OpenClaw Skill Name: mikefaierberg-agent-browser Version: 1.0.0 The skill provides extensive browser automation capabilities via the `browser` tool and `agent-browser` CLI in SKILL.md, including the ability to save credentials (`auth save`) and execute CLI commands. While these features are consistent with the stated purpose of web research and form filling, the combination of credential handling and shell execution via `exec` represents a high-risk profile. No explicit malicious exfiltration or backdoors were identified, but the broad permissions and access to sensitive data warrant caution.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could act as the user on logged-in websites or save/use website credentials, which may affect accounts or private data if misused.
The skill explicitly instructs use of logged-in browser profiles and a password/auth vault. That is purpose-aligned for browser automation, but the artifacts do not bound which credentials or sites may be used, how passwords are protected, or when user approval is required.
Logged-in sites → Tandem Browser `profile="user"` ... `agent-browser auth save <name> --url <url> --username <u> --password <p>` ... `agent-browser --profile Default` to reuse Chrome login state
Use a dedicated browser profile or test account, avoid saving passwords unless necessary, and require explicit user confirmation before login, submission, purchase, posting, or account-changing actions.
On authenticated or transactional pages, automated clicks and keypresses could submit forms, change settings, or trigger purchases if not supervised.
The documented commands can click, fill, press keys, and batch browser actions. This is central to the skill’s stated purpose, but users should notice that these actions can have real effects on websites.
`browser act request={kind:"click"...}` ... `browser act request={kind:"fill"...}` ... `browser act request={kind:"press", key:"Enter"}` ... `agent-browser batch ["open url" "snapshot -i" "click @e1"]`Keep browser actions user-directed, and pause for confirmation before final submit/confirm/pay/post/delete steps.
If a different or untrusted `agent-browser` executable is on the system path, the agent may run that local program.
The skill relies on an external local CLI executed through the environment, while the supplied artifacts include no install spec or bundled code to verify that binary’s provenance.
`agent-browser` CLI (v0.26.0) — standalone, extra features ... Complex automation → `agent-browser` CLI via exec
Install the CLI only from a trusted source, verify the expected version, and avoid using this skill on systems where the `agent-browser` binary provenance is unclear.