Agent Browser Clawdbot
v1.0.0Headless browser automation CLI optimized for AI agents with accessibility tree snapshots and ref-based element selection
⭐ 2· 2.8k·10 current·11 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description match the SKILL.md: it documents a CLI 'agent-browser' for deterministic, sessioned browser automation. Minor metadata inconsistencies exist: the provided _meta.json ownerId and version differ from the registry metadata (owner id and version mismatch), and the registry 'Source' is 'unknown' while SKILL.md points to github.com/vercel-labs/agent-browser—these are likely bookkeeping issues but worth verifying against the upstream project before trusting installs.
Instruction Scope
The instructions stay within the browser-automation domain: navigation, snapshots, ref-based interactions, sessions, state save/load, network routing and mocking. They do reference loading/saving state files (e.g., auth.json, admin-auth.json) and an optional AGENT_BROWSER_SESSION env var; these are expected for this tool but are sensitive operations (they read/write authentication/session data).
Install Mechanism
No install spec is included in the skill bundle (instruction-only). The SKILL.md suggests installing via npm and an 'agent-browser install' step to download Chromium—this is external to the skill and should be validated by the user (check the npm package name and upstream repo).
Credentials
The skill declares no required environment variables, which aligns with the bundle. The documentation mentions an optional AGENT_BROWSER_SESSION env var and uses state save/load files; although optional, these mechanisms can carry secrets (cookies/storage). No unrelated credentials or env vars are requested by the skill itself.
Persistence & Privilege
The skill is not always-enabled and does not request system persistence. It is instruction-only and won't write code to disk by itself. However, the external CLI (when installed by the user) will store state files if used—this is normal for a browser automation tool.
Assessment
This skill is an instruction-only wrapper that expects you to have the external 'agent-browser' CLI installed. Before installing or using it: 1) Verify the upstream project (github.com/vercel-labs/agent-browser) and the npm package name/owner to avoid typosquats or malicious forks. 2) Be cautious with state files (auth.json, admin-auth.json) — only load state files you trust because they can contain cookies and other credentials. 3) Network-mocking and request-interception features are normal for a browser automation tool but can be misused; restrict what agent tasks are allowed to browse and avoid giving the agent access to sensitive internal sites unless necessary. 4) Note the metadata mismatch in _meta.json vs registry (owner/version) — treat that as a sign to double-check provenance. If you need extra assurance, obtain the CLI directly from the official repository and inspect the package before installation.Like a lobster shell, security has layers — review code before you run it.
latestvk97a6e5btpxskrkzqjhpqxypbs83tyj0
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🌐 Clawdis