Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

agent-browser

v0.2.0

A fast Rust-based headless browser automation CLI with Node.js fallback that enables AI agents to navigate, click, type, and snapshot pages via structured co...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious, medium confidence
Purpose & Capability
The name/description claim a Rust-based headless browser CLI with a Node fallback; the SKILL.md describes an npm-distributed CLI with commands that match that purpose. However, the metadata lists only node/npm as required binaries despite the Rust mention. That is plausible if the Rust binary is packaged and distributed via npm, but it is a minor inconsistency worth noting.
Instruction Scope
SKILL.md stays within browser automation scope: navigation, snapshot, interactions, cookies, storage, screenshots, recording, etc. It does not instruct reading unrelated system files or hidden endpoints. The one runtime risk is that the installation instructions (npm install -g, git clone, pnpm build) will fetch and execute external code.
Install Mechanism
The registry entry contains no formal install spec; instead, SKILL.md instructs the agent/user to run npm install -g agent-browser and optionally git clone a GitHub repo and pnpm build. Those commands download and run arbitrary third-party code, and global npm installs can execute install scripts. This is a moderate-to-high supply-chain risk, especially because the skill's registry metadata shows no homepage/source to verify and the _meta.json ownerId differs from the registry owner in the listing.
Credentials
No environment variables or credentials are required by the skill metadata. Runtime commands reference setting credentials or HTTP auth as CLI actions (expected for browser automation) but do not request secrets up-front.
Persistence & Privilege
always is false and the skill does not request persistent system-wide privileges in the metadata. No instructions modify other skills or system agent configuration.
What to consider before installing
This SKILL.md appears to be a straightforward wrapper for an external CLI, but the package will be fetched from the network if you follow the installation steps. Before installing or running this skill:
(1) verify the npm package and GitHub repository are legitimate (confirm publisher, repo owner, release tags, and checksums);
(2) prefer installing and reviewing the package manually in a sandbox or VM rather than allowing automated installation;
(3) avoid running global npm installs as an unprivileged user without inspection of package install scripts;
(4) if you need stronger assurance, request a homepage/repository URL from the publisher and review the upstream code (especially build/install scripts) or use well-known alternatives (Playwright/Puppeteer) with a verifiable origin.
The lack of a declared source/homepage and the owner-identifier mismatch are the primary reasons for caution.

Like a lobster shell, security has layers — review code before you run it.

latestvk973z2y1p7m90je4djd99k0hkn832fk6

Runtime requirements

🌐 Clawdis
Bins: node, npm