Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agent Browser Xiaoshu
v1.0.0
A fast Rust-based headless browser automation CLI with Node.js fallback that enables AI agents to navigate, click, type, and snapshot pages via structured co...
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (Rust-based headless browser with Node fallback) and required binaries (node, npm) are broadly consistent with an npm-distributed CLI wrapper. However provenance is unclear: registry metadata and _meta.json reference different owners/slugs and the SKILL.md points at https://github.com/vercel-labs/agent-browser. This mismatch in origin and naming reduces trust in the package source.
Instruction Scope
SKILL.md is an instruction-only wrapper that tells the agent to run agent-browser CLI commands (navigate, snapshot, click, fill, screenshot, upload, set headers/credentials, record video). The instructions do not directly ask the agent to read host system files or env vars, but several commands (upload, screenshot to stdout, set credentials/headers) legitimately allow collecting and transmitting page content and local files — behavior that could be misused if you run untrusted commands or give it sensitive inputs.
Install Mechanism
There is no formal install spec in the registry, but SKILL.md recommends `npm install -g agent-browser` or cloning a GitHub repo. Global npm installs can run postinstall scripts and modify system state; the CLI's own `agent-browser install --with-deps` may download additional binaries. Combined with unclear provenance and owner/slug mismatches, this elevates installation risk.
Credentials
The skill declares no required environment variables or credentials (good), but runtime commands allow setting HTTP basic auth, custom headers, and uploading files. Those features are expected for a browser automation tool but they also enable exfiltration of secrets or files supplied at runtime — the skill itself does not request unrelated credentials, but be careful what you pass to it.
Persistence & Privilege
always:false and normal autonomous invocation settings. The skill does not request persistent system-wide privileges or config changes in the provided metadata.
What to consider before installing
Key things to check before installing or running this skill:
- Verify upstream source: confirm the npm package and the GitHub repo referenced in SKILL.md are the legitimate upstream project and match the registry owner; mismatched owner/slug in metadata is a red flag.
- Avoid blind global npm installs: `npm install -g` can run postinstall scripts. Prefer to inspect the package on the npm registry (and its source code) before installing, or install in a sandbox/container.
- Inspect any `agent-browser install` step: the CLI's self-install may download binaries; review what it fetches and from where.
- Limit exposure of secrets/files: do not pass sensitive credentials or local files to the tool unless you trust the upstream and have audited it; use throwaway/test accounts instead.
- Run in an isolated environment: if you must try it, run in a VM/container and do not run as root; monitor network access during install and first use.
If you can provide the actual npm package name/URL or the GitHub repo contents, I can re-evaluate with higher confidence.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
🌐 Clawdis
Bins: node, npm
