agent-browser
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent browser automation skill, but it deserves review because it can control websites and inspect or preserve browser session cookies/storage through an external CLI.
Before installing, decide whether you are comfortable letting an agent control a browser session. Prefer isolated profiles or test accounts, avoid sensitive logged-in sites, verify the external agent-browser package, and require explicit confirmation before submissions, uploads, payments, account changes, or cookie/storage access.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could submit forms, change web account state, or upload selected files while automating a browser session.
The skill gives the agent broad browser-control operations, including clicking, typing, and uploading files. This is expected for browser automation, but it can affect real websites and accounts if used in a logged-in or sensitive context.
allowed-tools: Bash(agent-browser:*) ... agent-browser click @e1 ... agent-browser fill @e2 "text" ... agent-browser upload @e1 file.pdf
Use this only on trusted or test sites unless you explicitly approve high-impact actions such as submissions, purchases, account changes, or uploads.
If used on logged-in sites, the agent may be able to view or reuse session material and act with the user's web account privileges.
Cookies and localStorage can contain login/session tokens. The documentation exposes retrieval and preservation of this session data without describing domain scope, redaction, retention, or user approval boundaries.
Recording creates a fresh context but preserves cookies/storage from your session ... agent-browser cookies # Get all cookies ... agent-browser storage local # Get all localStorage
Run this in an isolated browser context or test account, avoid sensitive logged-in sessions, clear cookies/storage after use, and require explicit approval before cookie/storage or credential-related operations.
Installing the skill as documented means trusting the external npm/GitHub package and its dependency installation behavior.
The skill is instruction-only and relies on an external globally installed CLI or source build, with no pinned package version or reviewed code included in the artifact. This is common for CLI wrappers, but provenance should be verified.
npm install -g agent-browser
agent-browser install
agent-browser install --with-deps
...
git clone https://github.com/vercel-labs/agent-browser
Verify the upstream package and repository, pin a known-good version where possible, and review the CLI before using it with sensitive browser sessions.
