Agent Browser

Review

Audited by ClawScan on May 10, 2026.

Overview

Agent Browser is mostly coherent browser automation, but it includes guidance for proxy rotation to avoid limits/bans and handles reusable login sessions, so it needs review before use.

Install only if you trust the local agent-browser CLI and need broad browser automation. Use it on sites you are authorized to test, avoid proxy-based rate-limit or ban evasion, use least-privilege/test accounts, and protect or delete saved authentication state files.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent could help scrape through proxies in ways that violate site rules, trigger account/IP blocks, or create legal and compliance risk.

Why it was flagged

This is explicit guidance for using proxies to evade site rate limits or bans, not just for geo-testing or corporate proxy access.

Skill content

# Rotate through proxy list to avoid rate limiting ... Rotate proxies for large scraping jobs - Distribute load and avoid bans

Recommendation

Restrict proxy examples to authorized testing, remove ban/rate-limit evasion language, and require explicit user approval and approved target lists for proxy-based scraping.

What this means

If used with real credentials or production accounts, the agent may be able to perform logged-in actions on the user's behalf.

Why it was flagged

The skill documents entering credentials, setting auth cookies, and saving authenticated state, which is expected for browser automation but grants access to user accounts.

Skill content

agent-browser fill @e2 "password123" ... agent-browser state save ./auth-state.json ... agent-browser cookies set session_token "abc123xyz"

Recommendation

Use test or least-privilege accounts when possible, avoid putting secrets directly in prompts, prefer environment variables, and confirm before submitting forms or changing account data.

What this means

A leaked, committed, or reused state file could let someone restore the user's session or expose private web data.

Why it was flagged

Saved browser state is persistent sensitive context that can carry tokens and private site data across runs.

Skill content

Save cookies, storage, and auth state ... State File Contents ... cookies ... localStorage ... sessionStorage

Recommendation

Store state files only in protected locations, add the exact filenames used to .gitignore, delete them when no longer needed, and avoid reusing state across unrelated tasks.

What this means

The safety of actual browser operations depends on the local agent-browser CLI installed on the user's machine.

Why it was flagged

The skill delegates its capabilities to a local agent-browser executable; the supplied artifacts are documentation/templates rather than the reviewed implementation of that executable.

Skill content

allowed-tools: Bash(agent-browser:*)

Recommendation

Install agent-browser only from a trusted source, verify its version, and avoid using an unknown binary earlier in PATH.