Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Browser Clawdbot.Bak 2026 01 28T18:01:09+10:30

v1.0.0

Headless browser automation CLI optimized for AI agents with accessibility tree snapshots and ref-based element selection

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name and description match the SKILL.md content: it documents an agent-focused headless browser CLI (navigation, snapshots, ref-based interactions, sessions, state save/load, network control). There are no unrelated environment variables, binaries, or config paths requested.
Instruction Scope
Instructions tell the agent to run a CLI that snapshots pages, reads interactive elements, and can save/load auth state (auth.json) and cookies/storage. Those behaviors are expected for a browser automation tool, but snapshot and state operations can capture or restore credentials and page content — the agent running these commands could read or write local files containing secrets if given file paths.
Install Mechanism
The registry entry is instruction-only and provides no install spec, but the README instructs users to install via npm (npm install -g agent-browser) and to run an 'agent-browser install' step that downloads Chromium. Installing a global npm package and downloading a browser binary are normal for such a tool but carry risk if the npm package or downloaded Chromium binary are untrusted or malicious; the skill metadata does not include a pinned, verifiable release URL or checksum.
Credentials
The skill declares no required environment variables or credentials. The SKILL.md mentions an optional AGENT_BROWSER_SESSION env var and using state save/load — these are proportionate to session and state features. Be aware that saved state files may contain cookies/session tokens and loading them gives the CLI access to those credentials.
Persistence & Privilege
always:false and no special platform privileges are requested. The CLI can persist state (cookies/storage) within files you create; that is normal for browser automation but means the tool can store and later restore authentication state if you let it.
Assessment
This skill appears internally consistent for a headless browser CLI, but take these precautions before installing or running it:

1) Verify the npm package and its maintainer (check the package name, homepage/repo, maintainers, and recent versions) before running npm install -g.
2) Be cautious with the 'agent-browser install' step that downloads Chromium — prefer verified release sources and checksums.
3) Avoid loading state files (state load) from untrusted sources; saved state files can contain cookies and auth tokens.
4) Run the CLI in an isolated environment (container or VM) if possible, and don't give it elevated system permissions.
5) If an agent will invoke these commands autonomously, restrict the agent's access to only the files and networks you intend it to use.

If you want a higher-assurance review, provide the actual npm package URL or source repo/tarball and the Chromium download source so those artifacts can be inspected.

Runtime requirements

🌐 Clawdis
