Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agent Browser Clawdbot Rose
v1.0.0Headless browser automation CLI optimized for AI agents with accessibility tree snapshots and ref-based element selection
⭐ 0· 76·0 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description match the SKILL.md: it documents a CLI named agent-browser for headless browser automation with snapshots, refs, sessions, and state. There are no unrelated credential requests or unrelated binaries declared.
Instruction Scope
Instructions are narrowly focused on invoking the agent-browser CLI, taking snapshots, interacting by refs, controlling network, and saving/loading browser state. They do instruct the agent (user) to save/load auth state files (e.g., auth.json, admin-auth.json), use session env var AGENT_BROWSER_SESSION, and to download Chromium via the CLI — all expected for a browser automation tool but involving sensitive session data. The instructions do not ask to read arbitrary system files or to transmit data to unknown external endpoints beyond the browser/network ops the tool provides.
Install Mechanism
There is no platform install spec in the registry (skill is instruction-only), but SKILL.md tells users to run `npm install -g agent-browser` and `agent-browser install` (which downloads Chromium). Installing an npm package globally can run postinstall scripts and the CLI's install command will fetch a browser binary — this is a moderate risk and should be done from a trusted source and ideally in an isolated environment.
Credentials
The skill declares no required env vars or credentials; the only environment usage documented is the optional AGENT_BROWSER_SESSION. However, the skill explicitly instructs saving and loading auth/state files (cookies/storage), which may contain sensitive session credentials. This is proportionate to a browser automation tool but users must handle those files carefully.
Persistence & Privilege
The skill does not request always:true and does not suggest modifying agent/system-wide configs. It is user-invocable and does not ask for permanent platform presence.
Assessment
This skill appears to do what it says: drive a headless browser via the agent-browser CLI. Before installing or using it:
- Verify the CLI source: confirm the npm package and the GitHub repo (https://github.com/vercel-labs/agent-browser) are the legitimate upstream projects you expect.
- Install in a controlled environment: `npm install -g` and the CLI's `install` command may run install scripts and will download Chromium; prefer testing in a container or VM if you have security concerns.
- Treat saved state files (auth.json, admin-auth.json) as sensitive: they can contain cookies/session tokens. Do not load production auth files into untrusted agents or share them.
- Check postinstall scripts: inspect the package on npm (or its repo) for unexpected postinstall behavior before running global install.
- Network-control and mocking features are powerful: they give the tool the ability to modify requests/responses — use them only with consent and in test environments.
If you want higher assurance, ask the publisher to provide the exact npm package name and the package.json / postinstall script, or vendor the CLI binary from a known release and install it manually.Like a lobster shell, security has layers — review code before you run it.
latestvk971kk01b1derf1b52fmpdkbd983mykg
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🌐 Clawdis