Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Nstbrowser AI Agent
v1.0.5
Browser automation CLI with Nstbrowser integration for AI agents. Use when the user needs advanced browser fingerprinting, profile management, proxy configur...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The declared purpose (browser automation with Nstbrowser profiles, fingerprinting, proxies, batch ops) matches the SKILL.md, scripts, and reference docs: the files consistently call a local nstbrowser-ai-agent CLI and a local Nstbrowser API (127.0.0.1:8848). However the registry metadata at the top of the report lists "Required env vars: none" and "Required binaries: none", while skill.json, SKILL.md, SECURITY.md and scripts clearly expect an NST_API_KEY, an NST host/port, and tools like jq/curl/chrome. That metadata mismatch is unexplained and reduces trust.
Instruction Scope
Runtime instructions and templates stay focused on Nstbrowser operations (profile creation, browser start/stop, proxy updates, snapshots). They do instruct the agent/user to read/write local config files (~/.nst-ai-agent/config.json, .nstbrowser-ai-agent.env), set environment variables, and run diagnostics (lsof, netstat, curl). Those are within the skill's domain but include patterns that can expose secrets (writing or echoing API keys into files or passing passwords on command line), so follow secure practices when providing credentials.
Install Mechanism
There is no install spec (instruction-only), and included files are templates/docs. Nothing in the manifest forces a remote download or arbitrary extraction. This is lower install risk, but the skill expects an external CLI (nstbrowser-ai-agent) that the user would fetch separately (npm or other).
Credentials
The skill requires an API key (NST_API_KEY) and a local service (127.0.0.1:8848) per skill.json and SKILL.md, but the top-level registry metadata claims no required environment variables — a clear inconsistency. Scripts also expect utilities (jq, curl, google-chrome) though the metadata lists none. The templates pass proxy passwords and API keys on the command line or echo them into files which can leak credentials via process lists or shell history. Requesting an NST API key is proportionate to the stated purpose, but the documentation and metadata disagree about what will be required, and some usage patterns expose secrets.
Persistence & Privilege
The skill does store/read configuration and API keys locally (SECURITY.md and SKILL.md point to ~/.nst-ai-agent/config.json and optional .env files) which is expected for a local CLI. The skill is not marked always:true and does not declare system-wide modifications. There is no indication it tries to persist beyond its own config scope or modify other skills.
What to consider before installing
Consider this suspicious because the skill's files expect an NST_API_KEY, local Nstbrowser service (127.0.0.1:8848), and helper tools (jq, curl, Chrome), but the registry metadata claims none of those — verify before installing. Steps to protect yourself:
- Verify the publisher and source: check the claimed GitHub repo and nstbrowser.io home page manually; do not trust the skill registry summary alone. Confirm the npm package and the repository content match these templates.
- Inspect the included scripts (templates/*.sh) and SKILL.md personally. They show patterns that can leak credentials (passing proxy/API passwords on the command line or echoing keys into files). Prefer setting NST_API_KEY via secure environment variable or restricted config file and avoid embedding secrets in shell commands or history.
- Ensure the local Nstbrowser service is legitimate and runs only on localhost. The tool communicates with a local API and exposes a debugger URL (ws://localhost:9222) which you should not expose to untrusted networks.
- Install the nstbrowser-ai-agent CLI from an official source only (npmjs.org or the verified GitHub repo) and verify checksums/release notes. If you cannot verify the upstream project, do not install.
- If you need to use proxies or proxy credentials, prefer using environment variables or secure vaults rather than passing passwords in plaintext on the command line.
- If you want higher assurance, ask the publisher to explain the metadata mismatch (registry says no env vars while skill.json and docs require NST_API_KEY and other tools) and provide a canonical homepage/repository link.

Like a lobster shell, security has layers — review code before you run it.
