Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

wang

v1.0.0

A fast Rust-based headless browser automation CLI with Node.js fallback that enables AI agents to navigate, click, type, and snapshot pages via structured co...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (browser automation) align with the SKILL.md commands and required binaries. Requesting node and npm makes sense because the skill documents installing a Node CLI (agent-browser) and references a GitHub repo. Nothing requested in metadata appears unrelated to browser automation.
Instruction Scope
SKILL.md stays on-topic (commands for navigation, snapshot, interactions, cookies, storage, network routing, JS eval, state save/load, file upload). These capabilities are expected for a headless browser wrapper, but they legitimately allow reading/writing session state (auth.json), uploading local files, intercepting/mocking network requests, and executing JS in page context — all of which can expose sensitive data if used improperly. The instructions do not themselves instruct exfiltration, but they enable powerful actions that an agent could perform.
Install Mechanism
The skill is instruction-only (no install spec), so it won't install code itself. The documentation tells users to npm install -g agent-browser or build from GitHub; that means any actual installation pulls code from npm or GitHub — normal for CLI tooling but you should vet the upstream package before running those install commands.
Credentials
The skill declares no environment variables or secrets and only requires node/npm binaries. That is proportionate for a Node-based CLI wrapper. No unrelated credentials or config paths are requested.
Persistence & Privilege
always:false and default autonomous invocation are set (normal). The skill does not request permanent system-wide presence or modify other skills' configs. Saving/loading state and file access are part of its functional scope but are not persistence privileges requested by the skill itself.
Scan Findings in Context
[no_regex_findings] expected: The static scanner had no code files to analyze (instruction-only skill). This is expected; lack of findings does not mean the underlying npm package is safe. The SKILL.md points users to installing an external package which the scanner did not fetch.
Assessment
This skill is a documentation wrapper for the agent-browser CLI and is coherent with that purpose. Before installing or running agent-browser (npm install -g agent-browser or git clone), verify the upstream package/repo (the docs reference https://github.com/vercel-labs/agent-browser) to ensure you trust it. Be cautious with commands that save/load session state (auth.json), upload local files, intercept network requests, or eval JavaScript — those operations can expose cookies, auth tokens, or local files. Run the CLI in an isolated environment (container or sandbox) if you need to evaluate it, and avoid loading saved states or running commands that touch sensitive files from untrusted sources.


Runtime requirements

🌐 Clawdis
Bins: node, npm
