AgentBrowse
v0.1.14Browser automation workflows through the agentbrowse CLI for launch, attach, observe, act, extract, navigation, and screenshots.
⭐ 0· 53·0 current·0 all-time
byDmitry Ukhanov@xor777
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the declared dependency on an agentbrowse CLI binary and the documented commands. The npm package (@mercuryo-ai/agentbrowse-cli) that installs the agentbrowse binary is coherent with the skill's purpose.
Instruction Scope
Runtime instructions stay within browser automation (launch, attach, observe, act, extract, screenshot). One important caveat: goal-based 'observe' and 'extract' can use a gateway-backed semantic runtime if you run 'agentbrowse init <apiKey>' — that will cause page content or semantic queries to be sent to an external service. The skill documents boundaries for protected secrets (logins/payments) and instructs to switch to a protected-flow tool for secret handling.
Install Mechanism
Install uses a scoped npm package which is expected for a CLI. This is a moderate-risk install vector (packages can run install scripts), but it is consistent with the stated binary requirement and the repo homepage points to a GitHub org that matches the package naming.
Credentials
The skill does not require environment variables or credentials by default. It does provide an optional semantic-runtime init that accepts an API key and optional api-url; supplying that key is reasonable for the documented semantic features but grants a remote service potential access to observed page data. No unrelated credentials or config paths are requested.
Persistence & Privilege
The skill is not always-enabled, does not request elevated platform privileges, and only stores an optional local semantic-runtime config when you run 'init'. It does not claim to modify other skills or global agent settings.
Assessment
This skill appears coherent for browser automation, but take these precautions before installing or using it:
- Verify the npm package and GitHub repo (owner, recent activity, and package maintainers) before installing. npm packages can include install scripts.
- Understand that the CLI can start/attach to real browser sessions and can be pointed at arbitrary CDP endpoints — avoid attaching to sensitive or remote endpoints you don't control.
- Do not run 'agentbrowse init <apiKey>' for the semantic runtime unless you trust the target service; goal-based observe/extract may transmit page content (which could include personal data or payment details) to that external API. Prefer using a protected-flow tool for logins, identity, or payments as recommended by the skill.
- Test the CLI in an isolated environment (container, VM) first to confirm behavior and any files/config it creates locally.
- If you need higher assurance, inspect the published package contents (or its source repo) for postinstall scripts or unexpected network endpoints before granting it broader access.Like a lobster shell, security has layers — review code before you run it.
latestvk97c6qq48hnrm01zs1g11kepjh84ctg4
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
Binsagentbrowse
Install
Install AgentBrowse CLI (npm)
Bins: agentbrowse
npm i -g @mercuryo-ai/agentbrowse-cli