Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agent Browser Core.Conflict
v1.0.0OpenClaw skill for the agent-browser CLI (Rust-based with Node.js fallback) enabling AI-friendly web automation with snapshots, refs, and structured commands.
⭐ 0· 33·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
SKILL.md is an instruction-only playbook for the agent-browser CLI and its described capabilities (snapshots, refs, JSON output, Node fallback) match the content. However, the skill metadata and embedded _meta.json disagree on ownerId, slug, and version (registry metadata vs _meta.json vs SKILL.md name), and the skill metadata declares no required binaries while the instructions explicitly require the agent-browser CLI and browser runtime. These inconsistencies don’t prove malicious intent but reduce trust and should be resolved.
Instruction Scope
Instructions stay within the stated domain: they describe CLI commands, workflows, safety defaults, and when to request human approval for high-risk actions (eval, file access, network routing, credentials/state). The playbook does not instruct reading unrelated system files or exfiltrating secrets; it explicitly warns to treat tokens/state as sensitive.
Install Mechanism
There is no install spec (lowest risk). The docs recommend installing via `npm install -g agent-browser@<version>`, which is expected for a CLI but the skill does not pin a specific trusted release or provide checksums. Installing a global npm package runs third-party code — acceptable for this purpose but requires verifying upstream authenticity.
Credentials
The skill requests no environment variables or credentials in metadata. The instructions do discuss state files, cookies, and tokens (and correctly mark them high-risk) but do not attempt to collect unrelated secrets or require broad credentials. This is proportionate to a browser-automation playbook.
Persistence & Privilege
always is false and the skill is user-invocable; it does not ask for persistent system-wide privileges or to modify other skills. No config paths or elevated privileges are requested by the skill itself. The documentation appropriately recommends running in a dedicated environment/container.
What to consider before installing
This instruction-only skill appears to be a coherent playbook for the agent-browser CLI, but there are a few red flags you should address before use: (1) Verify the source — the skill has no homepage and the embedded _meta.json disagrees with the registry metadata (ownerId/slug/version). Confirm which is authoritative. (2) The SKILL.md expects you to install the agent-browser CLI, but the skill metadata doesn't declare that binary — only install the CLI from an official, pinned release (check npm/GitHub releases and checksums). (3) Follow the included safety checklist: run the CLI in a container or dedicated environment, do not enable eval/file-access/proxy options without explicit human approval, and treat state files/tokens as secrets. If you cannot verify the upstream repository or release artifacts, avoid installing the global package on your host; instead test in an isolated VM or container.Like a lobster shell, security has layers — review code before you run it.
latestvk974ts83gzd2yz67h2ezdbrkp984d5er
License
MIT-0
Free to use, modify, and redistribute. No attribution required.