ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Browser Core Temp

v1.0.0

OpenClaw skill for the agent-browser CLI (Rust-based with Node.js fallback) enabling AI-friendly web automation with snapshots, refs, and structured commands.

0· 84·1 current·1 all-time
by@mmyg11
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name, description, and SKILL.md consistently describe a CLI-centric browser automation helper (snapshots, refs, JSON output). Required capabilities (having agent-browser CLI and a browser runtime installed) match the stated purpose. However, the registry metadata (owner ID and slug) does not match the _meta.json ownerId and slug inside the files, which is an inconsistency in provenance/packaging.
Instruction Scope
All runtime instructions are documentation-level guidance for using the agent-browser CLI (commands to run, snapshot-first workflows, safe-mode defaults). They do not instruct the agent to read unrelated system files or exfiltrate data. The docs explicitly warn about high-risk commands (eval, file access, network routing) and require explicit human approval for those, which limits scope creep.
Install Mechanism
This is an instruction-only skill with no install spec and no code files — the lowest-risk install surface. The docs suggest installing the CLI via npm (npm install -g agent-browser@<version>) or using its own install command, which is expected for a CLI helper. There is no embedded download URL or archive extraction in the skill bundle itself.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. The documentation appropriately flags state files and tokens as sensitive and recommends treating them as secrets. Nothing requests broad or unrelated credentials.
Persistence & Privilege
The skill does not request always: true and does not attempt to modify other skills or system-wide settings. It is user-invocable and allows autonomous invocation (platform default), which is expected for such a helper. The docs recommend ephemeral sessions and not persisting state by default.
What to consider before installing
This documentation-only skill appears to actually describe an agent-browser CLI helper and its safety controls, but the package provenance is unclear: the registry metadata differs from the _meta.json inside the files and there is no homepage or source link. Before installing: (1) verify the npm package name and publisher (pin an explicit version) and prefer installing in an isolated container or VM; (2) confirm the correct owner/slug/version with the source you trust (the _meta.json mismatch is a red flag); (3) never grant broad network or file-access permissions to automated runs — require explicit human approval before using high-risk commands like eval, --allow-file-access, --proxy, or state save/load; (4) treat any saved state or tokens as secrets and rotate them if used; (5) if you need stronger assurance, request the upstream source code or an official homepage/repo before proceeding.

Like a lobster shell, security has layers — review code before you run it.

latestvk97eqgqegq8r4b9919n800kkqs838q44

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments