ClawHub

Agent Browser

v1.0.0

A fast Rust-based headless browser automation CLI with Node.js fallback that enables AI agents to navigate, click, type, and snapshot pages via structured co...

0· 66·0 current·0 all-time
by@onlyloveher
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The description (Rust-based headless browser with Node.js fallback) matches the SKILL.md which instructs installing an npm package or building from source. However, the declared required binaries list only node and npm while the instructions also reference git and pnpm; those additional tools are likely needed but are not declared. Homepage/source fields are 'unknown' in the registry metadata despite SKILL.md referring to a GitHub repo, which is a minor metadata inconsistency.
Instruction Scope
SKILL.md confines runtime actions to installing and invoking the agent-browser CLI and documents commands for navigation, interaction, snapshots, screenshots, video recording, uploading files, and manipulating cookies/storage. Those actions are expected for a browser automation tool. Note: many commands will read local files (upload), access and preserve cookies/storage, and can visit arbitrary URLs — these are normal for such a tool but have privacy/data exposure implications.
Install Mechanism
This is an instruction-only skill that recommends installing via npm or building from a GitHub checkout using pnpm. No arbitrary binary downloads or obscure URLs are instructed in SKILL.md, which is low-risk in the install mechanism sense. The skill does not provide an automated install spec that would write arbitrary code to disk on install by the platform itself.
Credentials
The skill requests no environment variables or credentials. SKILL.md shows commands that can set headers, HTTP basic auth, and manipulate cookies/storage, but these are CLI options, not required secrets. Overall the credential and env access requested by the skill is proportionate to a browser automation tool.
Persistence & Privilege
The skill is not always-enabled, does not request persistent elevated privileges, and does not attempt to modify other skills or system-wide agent settings in the provided instructions. Autonomous invocation is allowed by default (normal for skills).
Assessment
This skill appears to be an instruction-only wrapper for an agent-browser CLI and is internally consistent with that purpose, but take these precautions before installing: - Verify the npm package and upstream repository (the SKILL.md references a GitHub repo) to ensure you trust the publisher. Installing npm packages runs code on your machine. - Be aware the tool can visit arbitrary URLs, read local files (for upload), and access/preserve browser cookies and storage — avoid running it with sensitive credentials or in contexts with private data unless you trust it. - The SKILL.md references git and pnpm but the metadata lists only node/npm; ensure you have the additional tools (git, pnpm) if you plan to build from source. - Consider running the CLI in a sandboxed environment or ephemeral container and review the package source (or run npm audit) before installing globally.

Like a lobster shell, security has layers — review code before you run it.

latestvk974my8t1ttrxt1q93ny21v7zd83pffe

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🌐 Clawdis
Binsnode, npm

Comments