Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Shah lABS

v1.0.0

Browser automation CLI for AI agents. Use when the user needs to interact with websites, including navigating pages, filling forms, clicking buttons, taking...

by Aamir Bader Shah (@shahaamirbader)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (browser automation CLI) align with the files and templates: snapshot, click, fill, state save/load, proxies, recordings, etc. Minor metadata oddity: package is published as 'agent-browser' (slug agent-browser-openclaw) while the skill title is 'Shah lABS' and source/homepage are unknown — not a functional problem but reduces provenance confidence.
[!] Instruction Scope
SKILL.md and the templates instruct the agent to import auth from the user's running Chrome via --remote-debugging-port, save/load plaintext state files, run arbitrary JS via agent-browser eval (including base64/stdin), and use proxies (including credentials in proxy URLs). Those are all coherent for a browser automation tool but they expand the skill's runtime scope to access sensitive local browser state, environment variables, and arbitrary page execution. The docs do warn about risk but the instructions still direct the agent to perform actions that can expose cookies, tokens, and other secrets.
Install Mechanism
This is instruction-only (no install spec) which lowers installer-level risk. The SKILL.md instructs installing 'agent-browser' via npm/brew/cargo and using 'agent-browser install' to download Chrome. Installing third-party packages and downloading a browser at runtime is expected for this capability but requires verifying the package source/signatures before running; the skill itself doesn't provide a provenance URL or checksum.
[!] Credentials
The registry lists no required env vars, but the templates/docs reference many environment variables and sensitive items: APP_USERNAME / APP_PASSWORD, AGENT_BROWSER_ENCRYPTION_KEY, HTTP_PROXY/HTTPS_PROXY/ALL_PROXY (including user:pass proxy URIs), and optional session/state files that contain plaintext session tokens. The skill does not declare these as required, so the runtime instructions expect access to secrets that aren't represented in the manifest — a proportionality mismatch.
Persistence & Privilege
The skill does not request 'always: true' and does not include an install spec that writes persistent files to agent configuration. It recommends saving session state files to disk (which is normal for browser automation) but doesn't request elevated platform privileges or modify other skills' configs.
What to consider before installing
This skill appears to be a normal browser-automation helper, but treat it like a powerful local tool that can access your browser sessions and secrets. Before installing or running it:
1) Verify the package source and publisher (npm/brew/cargo) — the skill metadata lacks a homepage/source URL.
2) Avoid using --remote-debugging-port or auto-importing a live Chrome session unless you're on a trusted machine and you understand that any local process can read cookies and execute JS.
3) Do not store auth-state files in version control; prefer the documented encryption key and remove files when done.
4) Be careful when setting proxy environment variables with credentials (username:password@proxy) — these are easy to leak to process lists and logs.
5) If you will provide credentials to templates (APP_USERNAME/APP_PASSWORD), prefer ephemeral CI secrets or the recommended auth vault workflow.
If you need higher assurance, ask the publisher for a source repository, signed releases, and a reproducible install path before running npm/brew/cargo installs or running 'agent-browser install' to download a browser binary.
