Agent Browser Clawdbot Local
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a clear browser-automation command guide, but it can handle web sessions and cookies and depends on an external npm tool the user should verify.
This skill appears purpose-aligned for browser automation. Before installing, verify the external agent-browser package, understand that saved auth files can grant account access, and require confirmation before the agent performs meaningful actions on logged-in websites.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could perform real actions on websites, such as submitting forms or changing account settings, if the user allows it.
The skill gives the agent direct browser interaction commands that can click, type, submit, and drag elements on arbitrary pages. This is central to the stated browser-automation purpose, but it can affect real websites if used while logged in.
    agent-browser click @e2
    agent-browser fill @e3 "text"
    agent-browser press "Enter"
    agent-browser drag @e7 @e8
Use it on intended sites only, and require explicit user approval before purchases, account changes, public posts, or other irreversible web actions.
Saved auth-state files may let someone access the same web session without re-entering a password.
The skill explicitly supports saving and loading browser cookies/storage to bypass repeated login flows. That is useful for automation, but the resulting file can carry account access.
    agent-browser state save auth.json   # Save cookies/storage
    agent-browser state load auth.json   # Load (skip login)
Store auth files securely, avoid sharing them, delete them when no longer needed, and only load session state for accounts the agent is allowed to use.
Installing the external CLI gives that package and its browser runtime local execution capability.
The skill relies on an external globally installed npm CLI and a browser download, while the reviewed package contains no code files or lockfile for that dependency. This is normal for an instruction-only wrapper, but the external tool is not reviewed here.
    npm install -g agent-browser
    agent-browser install               # Download Chromium
    agent-browser install --with-deps   # Linux: + system deps
Verify the npm package and GitHub project, prefer a pinned/versioned install where possible, and install it only in an environment where browser automation is acceptable.
