ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Browser Automation Clawdbot

v1.0.0

Headless browser automation CLI optimized for AI agents with accessibility tree snapshots and ref-based element selection

0· 244·0 current·0 all-time
by@hsyhph·duplicate of @ddbq/agent-browser-clawdbot-0-1-0

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for hsyhph/browser-automation-clawdbot.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Browser Automation Clawdbot" (hsyhph/browser-automation-clawdbot) from ClawHub.
Skill page: https://clawhub.ai/hsyhph/browser-automation-clawdbot
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install browser-automation-clawdbot

ClawHub CLI

Package manager switcher

npx clawhub@latest install browser-automation-clawdbot
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The SKILL.md describes an agent-browser CLI for headless browser automation which matches the skill name and description. However, metadata in SKILL.md declares a required command ('agent-browser') while the top-level registry requirements reported 'none' for required binaries — a small inconsistency. _meta.json owner/slug/version values also differ from the registry metadata, which suggests mismatched packaging or an outdated manifest.
Instruction Scope
The runtime instructions are limited to running the agent-browser CLI and parsing its JSON output. This stays within the stated purpose. Important scope items to note: the instructions include 'state save/load' (reading/writing auth JSON files), session env var usage (AGENT_BROWSER_SESSION), and commands that can intercept or mock network traffic. Those are expected for a browser automation tool but can expose or reuse sensitive credentials/cookies if the agent is told to load local state files.
Install Mechanism
This is an instruction-only skill with no platform install spec, but SKILL.md recommends 'npm install -g agent-browser' and running 'agent-browser install' to download Chromium. That is a typical install path for such a tool, but it requires installing a third-party npm package and downloading a browser binary — both are moderate-risk operations that should be vetted (verify npm package, registry publisher, and the upstream GitHub repo) before running on a machine with sensitive data.
Credentials
The skill does not declare required environment variables or credentials, which is appropriate. The instructions reference an optional AGENT_BROWSER_SESSION env var and file-based state (auth.json) for session persistence; these are proportional to a browser automation tool but mean local files containing cookies/storage could be loaded, so treat state files as sensitive.
Persistence & Privilege
The skill does not request always:true and is not asking to modify other skills or system-wide settings. It is user-invocable and allows autonomous invocation (platform default). Nothing here grants elevated, permanent privileges beyond normal agent invocation.
Assessment
This skill appears to be what it claims: documentation for using the 'agent-browser' CLI. Before installing or running it, verify the upstream package/repo (npm and the GitHub homepage) to ensure you trust the publisher. Be cautious with the recommended 'npm install -g' and with running 'agent-browser install' (which downloads Chromium). Treat any state files (auth.json) as sensitive — do not load third-party-provided auth state, and avoid saving session state that contains cookies or tokens you care about. Also note the small manifest inconsistencies (declared required command vs. registry metadata, and differing owner/slug in _meta.json); these suggest you should confirm the skill package's provenance before use. If you want a lower-risk setup, run installs in an isolated environment or sandbox and review the package source on GitHub first.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🌐 Clawdis
latestvk9705vbysq13t3tfw3hmpmbep583z34w
244downloads
0stars
1versions
Updated 4w ago
v1.0.0
MIT-0
@hsyhph
latest
Download

Agent Browser Skill

Fast browser automation using accessibility tree snapshots with refs for deterministic element selection.

Why Use This Over Built-in Browser Tool

Use agent-browser when:

  • Automating multi-step workflows
  • Need deterministic element selection
  • Performance is critical
  • Working with complex SPAs
  • Need session isolation

Use built-in browser tool when:

  • Need screenshots/PDFs for analysis
  • Visual inspection required
  • Browser extension integration needed

Core Workflow

# 1. Navigate and snapshot
agent-browser open https://example.com
agent-browser snapshot -i --json

# 2. Parse refs from JSON, then interact
agent-browser click @e2
agent-browser fill @e3 "text"

# 3. Re-snapshot after page changes
agent-browser snapshot -i --json

Key Commands

Navigation

agent-browser open <url>
agent-browser back | forward | reload | close

Snapshot (Always use -i --json)

agent-browser snapshot -i --json          # Interactive elements, JSON output
agent-browser snapshot -i -c -d 5 --json  # + compact, depth limit
agent-browser snapshot -s "#main" -i      # Scope to selector

Interactions (Ref-based)

agent-browser click @e2
agent-browser fill @e3 "text"
agent-browser type @e3 "text"
agent-browser hover @e4
agent-browser check @e5 | uncheck @e5
agent-browser select @e6 "value"
agent-browser press "Enter"
agent-browser scroll down 500
agent-browser drag @e7 @e8

Get Information

agent-browser get text @e1 --json
agent-browser get html @e2 --json
agent-browser get value @e3 --json
agent-browser get attr @e4 "href" --json
agent-browser get title --json
agent-browser get url --json
agent-browser get count ".item" --json

Check State

agent-browser is visible @e2 --json
agent-browser is enabled @e3 --json
agent-browser is checked @e4 --json

Wait

agent-browser wait @e2                    # Wait for element
agent-browser wait 1000                   # Wait ms
agent-browser wait --text "Welcome"       # Wait for text
agent-browser wait --url "**/dashboard"   # Wait for URL
agent-browser wait --load networkidle     # Wait for network
agent-browser wait --fn "window.ready === true"

Sessions (Isolated Browsers)

agent-browser --session admin open site.com
agent-browser --session user open site.com
agent-browser session list
# Or via env: AGENT_BROWSER_SESSION=admin agent-browser ...

State Persistence

agent-browser state save auth.json        # Save cookies/storage
agent-browser state load auth.json        # Load (skip login)

Screenshots & PDFs

agent-browser screenshot page.png
agent-browser screenshot --full page.png
agent-browser pdf page.pdf

Network Control

agent-browser network route "**/ads/*" --abort           # Block
agent-browser network route "**/api/*" --body '{"x":1}'  # Mock
agent-browser network requests --filter api              # View

Cookies & Storage

agent-browser cookies                     # Get all
agent-browser cookies set name value
agent-browser storage local key           # Get localStorage
agent-browser storage local set key val

Tabs & Frames

agent-browser tab new https://example.com
agent-browser tab 2                       # Switch to tab
agent-browser frame @e5                   # Switch to iframe
agent-browser frame main                  # Back to main

Snapshot Output Format

{
  "success": true,
  "data": {
    "snapshot": "...",
    "refs": {
      "e1": {"role": "heading", "name": "Example Domain"},
      "e2": {"role": "button", "name": "Submit"},
      "e3": {"role": "textbox", "name": "Email"}
    }
  }
}

Best Practices

  1. Always use -i flag - Focus on interactive elements
  2. Always use --json - Easier to parse
  3. Wait for stability - agent-browser wait --load networkidle
  4. Save auth state - Skip login flows with state save/load
  5. Use sessions - Isolate different browser contexts
  6. Use --headed for debugging - See what's happening

Example: Search and Extract

agent-browser open https://www.google.com
agent-browser snapshot -i --json
# AI identifies search box @e1
agent-browser fill @e1 "AI agents"
agent-browser press Enter
agent-browser wait --load networkidle
agent-browser snapshot -i --json
# AI identifies result refs
agent-browser get text @e3 --json
agent-browser get attr @e4 "href" --json

Example: Multi-Session Testing

# Admin session
agent-browser --session admin open app.com
agent-browser --session admin state load admin-auth.json
agent-browser --session admin snapshot -i --json

# User session (simultaneous)
agent-browser --session user open app.com
agent-browser --session user state load user-auth.json
agent-browser --session user snapshot -i --json

Installation

npm install -g agent-browser
agent-browser install                     # Download Chromium
agent-browser install --with-deps         # Linux: + system deps

Credits

Skill created by Yossi Elkrief (@MaTriXy)

agent-browser CLI by Vercel Labs

Comments

Loading comments...