Back to skill
Skillv0.1.5
VirusTotal security
Agent Browser · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:29 AM
- Hash
- ea3768a47719d51737251f5b43ce3d3f5c22207785f7493916c78cc08f658562
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: agentic-browser Version: 0.1.5 The 'agentic-browser' skill is classified as suspicious due to its broad `Bash(infsh *)` permissions, which allow the AI agent to execute arbitrary `infsh` commands. While designed for legitimate web automation, the skill's capabilities, such as running arbitrary JavaScript code (`execute` function in `SKILL.md`, `references/commands.md`), uploading local files (`upload` action in `SKILL.md`, `references/commands.md`), and routing traffic through arbitrary proxies (`proxy_url` in `SKILL.md`, `references/proxy-support.md`), present significant attack surfaces. Furthermore, the shell scripts (`templates/*.sh`) directly interpolate user-provided URLs into JSON inputs for `infsh`, creating a potential shell injection vulnerability if a malicious URL containing special shell characters is provided. There is no clear evidence of intentional malicious behavior, but the powerful and potentially exploitable capabilities warrant a 'suspicious' classification.
- External report
- View on VirusTotal