ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ai Pa Browser Clawdbot

v1.0.0

Headless browser automation CLI optimized for AI agents with accessibility tree snapshots and ref-based element selection

0· 27·1 current·1 all-time
byNetanel Abergel@netanel-abergel
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the provided SKILL.md and reference docs: all commands (snapshots, refs, navigation, state save/load, network control, screenshots, recording) are expected features of a browser automation CLI.
Instruction Scope
SKILL.md only instructs the agent to use the external 'agent-browser' CLI and documents its commands; it does not direct the agent to read unrelated system files or env vars, nor to send captured data to unexpected endpoints.
Install Mechanism
This is an instruction-only skill with no install spec. The SKILL.md suggests installing via 'npm install -g agent-browser' (a normal distribution method); nothing in the bundle performs arbitrary downloads or writes to disk.
Credentials
The skill itself requests no environment variables or credentials (requires none). However, the documented CLI supports saving/loading state (auth.json), setting credentials/headers, uploading files, and network routing — all normal for a browser tool but potential vectors for leaking sensitive data if the agent is instructed to save or transmit secrets.
Persistence & Privilege
always is false and the skill has no install hooks or behavior that modifies other skills or global agent settings. It does not request permanent platform presence.
Assessment
This skill appears to be what it claims: a wrapper around an external 'agent-browser' CLI. Before installing or letting an agent use it, ensure you: (1) install agent-browser from a trusted source (verify the npm package and upstream repo), (2) avoid loading state files (auth.json) from untrusted origins, (3) be cautious about commands that set headers/credentials, upload files, or route/modify network requests (these can be used to exfiltrate data if misused), and (4) restrict the agent's permissions or review commands if the agent will run autonomously.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c5dwhfxxjdcxebsb4eqtf85843vkd

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🌐 Clawdis

Comments