ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Browser Core 1.0.1

OpenClaw skill for the agent-browser CLI (Rust-based with Node.js fallback) enabling AI-friendly web automation with snapshots, refs, and structured commands.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 363 · 6 current installs · 6 all-time installs
by@Lion504
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the SKILL.md and reference docs: this is a playbook for using an external agent-browser CLI. The skill does not request unrelated credentials or system resources, and its required inputs (installed CLI, browser runtime, target URLs, session strategy) are appropriate for the stated purpose.
Instruction Scope
Instructions stay within the domain of driving a browser CLI and include sensible safety guardrails (disallow eval, file access, proxy, etc.). They reference saving/loading state and treat state files as secrets — that's expected but increases sensitivity of any persisted state. The SKILL.md instructs the user to install the CLI (npm), but the skill bundle itself contains no install or execution directives, so the agent will rely on a separately installed binary.
Install Mechanism
There is no install spec in the skill (lowest risk). However the docs recommend using `npm install -g agent-browser@<version>` and `agent-browser install` to provision runtimes; those are external actions the user/agent must perform. Because no code or remote downloads are bundled, the skill itself does not perform any installation, but you should ensure the CLI is installed from an official, pinned source before use.
Credentials
The skill requests no environment variables or credentials. It documents features that handle secrets (state files, cookies, credentials) and advises treating them as sensitive, which is proportional to browser automation use. No unrelated SECRET/TOKEN env vars are requested.
Persistence & Privilege
always is false and disable-model-invocation is false (normal). The skill does not request persistent system-level privileges or attempt to modify other skills or global agent configuration. Autonomous invocation by the agent is allowed by platform default but not excessive here.
Assessment
This skill is a documentation/playbook for an external CLI and appears coherent and benign. Before installing/using the recommended agent-browser CLI: 1) obtain and pin a trusted release (verify the upstream source) rather than installing an unverified package; 2) run the CLI in a restricted environment or container and follow the included safe-mode checklist (block localhost/private networks, disallow eval/--allow-file-access unless explicitly needed); 3) treat saved state files and cookies as secrets and rotate/remove them when finished; 4) note a minor manifest inconsistency (the included _meta.json owner/version differs from the registry metadata) — verify the publisher/slug before trusting the package.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk97e384k4rad1nnym70w62zbss81svsy

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Agent Browser Skill (Core)

Purpose

Provide an advanced, production-ready playbook for using agent-browser to automate web tasks via CLI and structured commands.

Best fit

  • You need deterministic automation for AI agents.
  • You want compact snapshots with refs and JSON output.
  • You prefer a fast CLI with Node.js fallback.

Not a fit

  • You require a full SDK or custom JS integration.
  • You must stream large uploads or complex media workflows.

Quick orientation

  • Read references/agent-browser-overview.md for install, architecture, and core concepts.
  • Read references/agent-browser-command-map.md for command categories and flags.
  • Read references/agent-browser-safety.md for high-risk controls and safe mode rules.
  • Read references/agent-browser-workflows.md for recommended AI workflows.
  • Read references/agent-browser-troubleshooting.md for common issues and fixes.

Required inputs

  • Installed agent-browser CLI and browser runtime.
  • Target URLs and workflow steps.
  • Session or profile strategy if authentication is required.

Expected output

  • A clear command sequence and operational guardrails for automation.

Operational notes

  • Snapshot early, act via refs, then snapshot again after DOM changes.
  • Use --json for machine parsing and scripting.
  • Use waits and load-state checks before actions.
  • Close tabs or sessions when done to release resources.

Safe mode defaults

  • Do not use eval, --allow-file-access, custom --executable-path, or arbitrary --args without explicit approval.
  • Avoid network route, set credentials, and cookie/storage mutations unless the task requires it.
  • Allowlist domains and block localhost or private network targets.

Security notes

  • Treat tokens and credentials as secrets.
  • Avoid --allow-file-access unless explicitly required.

Files

7 total
Select a file
Select a file to preview.

Comments

Loading comments…