browser-file-upload
v1.0.0Automates uploading files to web pages via agent-browser CLI, supporting flexible path formats and interactions with file input elements or dialogs.
⭐ 0· 131·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The SKILL.md and included Python script clearly expect and invoke the agent-browser CLI (and Python) to open pages and perform uploads, but the registry metadata lists no required binaries or install steps. A legitimate browser-file-upload skill would need to declare that agent-browser (and a Python runtime if using the script) must be present. This is a documentation/metadata omission rather than functionality mismatch.
Instruction Scope
The runtime instructions and script stay within the stated purpose: they navigate to a URL, locate/click file input elements, and instruct agent-browser to upload a resolved local file path. The script resolves environment variables and workspace-relative paths for convenience. It does not contain network endpoints or logic that exfiltrates data to third-party servers beyond uploading to the target URL you supply (which is the intended behavior).
Install Mechanism
This is an instruction-only skill with an included Python script; there is no install spec, no downloads, and nothing written to disk beyond the provided files. No high-risk install mechanism is present.
Credentials
The skill declares no required environment variables, but the script will read OPENCLAW_WORKSPACE (if present) and expands any environment variables referenced in file paths (e.g., ${HOME}, %USERPROFILE%). Also, the script checks local filesystem paths and can read any file you point it at — which is necessary for uploads but means sensitive local files could be uploaded if given as input. This behavior is proportionate to the stated purpose but worth awareness.
Persistence & Privilege
The skill does not request persistent/always-on presence and does not modify other skills or system-wide configuration. Autonomous invocation is allowed by default (platform default), which is expected for an agent-invokable skill.
Assessment
This skill appears to do what it says: automate uploads via the agent-browser CLI. Before installing or running it, confirm that you have the agent-browser CLI and a suitable Python runtime available (the metadata does not declare those dependencies). Understand that the script will resolve environment variables and can access any local file path you provide — do not pass paths to sensitive files (credentials, private keys, personal documents). If you plan to let the agent run autonomously, be extra cautious: an autonomous agent + this skill can upload local files to arbitrary URLs, so test with non-sensitive files first and inspect the script yourself. If you want to proceed, add/verify a declared dependency on agent-browser in the skill metadata or ensure the environment provides the CLI.Like a lobster shell, security has layers — review code before you run it.
latestvk97378t2bacs4324p6bqtcrp3d83q2an
License
MIT-0
Free to use, modify, and redistribute. No attribution required.