Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agent Browser 0
v1.0.0A fast Rust-based headless browser automation CLI with Node.js fallback that enables AI agents to navigate, click, type, and snapshot pages via structured co...
⭐ 0· 606·12 current·12 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md describes a browser automation CLI and the declared required binaries (node, npm) are consistent with the npm-based installation path. However, the docs also reference building from source with pnpm and git without listing pnpm/git in the required binaries, and the registry owner ID differs from the _meta.json ownerId. The absence of a homepage and an unknown source raise provenance questions.
Instruction Scope
The instructions describe only browser automation commands (open, snapshot, click, fill, screenshot, record, etc.). They do not instruct the agent to read unrelated system files or to exfiltrate environment variables. The commands do include operations that interact with local files (upload, screenshot to stdout) and session data (cookies/storage), which are expected for a browser automation tool.
Install Mechanism
This is an instruction-only skill (no install spec), which limits static risk. The SKILL.md recommends npm -g install (reasonable) and also provides a from-source path that uses git and pnpm; those tools are not listed in required binaries. The repo URL in instructions points to github.com/vercel-labs/agent-browser but the skill's registry metadata lacks a homepage and the source was reported as unknown, which makes it harder to verify the upstream release or binary integrity.
Credentials
The skill does not request environment variables or credentials in the registry metadata. The CLI supports setting HTTP basic auth and custom headers at runtime (which is normal for a browser automation tool) but the skill does not ask for unrelated secrets. No evidence the SKILL.md accesses env vars beyond the declared none.
Persistence & Privilege
always is false and disable-model-invocation is false (normal). The skill does not request elevated or permanent platform privileges and does not attempt to modify other skills' configurations in the provided materials.
What to consider before installing
The skill appears to be a wrapper around an npm CLI for browser automation and the command examples are plausible, but there are provenance and metadata inconsistencies you should resolve before installing: 1) Verify the upstream project (the SKILL.md references github.com/vercel-labs/agent-browser) and confirm the package owner matches the registry owner; prefer installing from the official repository or npm package page. 2) If you plan to build from source, ensure you have git and pnpm (the docs reference pnpm but required binaries don't list it). 3) Treat global npm installs carefully — consider auditing the package contents or installing in an isolated environment/container first. 4) Because the skill can access cookies, local files (uploads), and can output binary data (screenshots), avoid running it with sensitive sessions or credentials until you trust the source. If the maintainer or homepage cannot be verified, proceed cautiously or classify as untrusted.Like a lobster shell, security has layers — review code before you run it.
latestvk972gzxc96rrcm79jsvevtc63x81qsn4
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🌐 Clawdis
Binsnode, npm