Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Wayne Agent Browser

v1.0.0

Headless browser automation CLI optimized for AI agents with accessibility tree snapshots and ref-based element selection


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for wechatgpt798/wayne-agent-browser.

Install the skill "Wayne Agent Browser" (wechatgpt798/wayne-agent-browser) from ClawHub.
Skill page: https://clawhub.ai/wechatgpt798/wayne-agent-browser
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install wayne-agent-browser

ClawHub CLI

npx clawhub@latest install wayne-agent-browser

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The SKILL.md clearly targets a CLI named `agent-browser` and describes installing it with `npm install -g agent-browser`, downloading Chromium, and running many CLI commands. However the registry metadata lists no required binaries or install spec. That mismatch (the skill essentially requires a third-party CLI and npm installs, but the package metadata declares none) is inconsistent and worth noting.
Instruction Scope
The instructions focus on browser automation (navigation, snapshots, refs) which is consistent with the description. However they explicitly instruct saving/loading auth state files (e.g., `state save auth.json` / `state load auth.json`), controlling network routing/mocking, and installing runtime dependencies. Those file I/O and network-control steps can be used to persist or exfiltrate sensitive tokens/cookies or to intercept/modify requests — while legitimate for browser automation, they expand the scope beyond simple read-only scraping and should be considered when granting the tool access.
Install Mechanism
There is no install spec in the registry, but SKILL.md tells users to run `npm install -g agent-browser` and `agent-browser install` (which downloads Chromium). Global npm installs execute package install scripts and will run code from the npm package; the Chromium download will pull external binaries. This is a higher-risk install pattern unless you verify the npm package and download sources are trustworthy (the homepage points to a GitHub repo which helps, but the skill metadata and registry did not declare these installs).
Credentials
The skill declares no required environment variables or credentials (registry shows none). SKILL.md mentions an optional AGENT_BROWSER_SESSION env var for convenience, but no secrets are requested by the skill itself. The main proportionality concern is that the tool reads/writes auth state files (cookies/localStorage), which may contain sensitive credentials even though no env secrets are required.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. However the recommended workflows include persisting browser state to disk and loading it later (state save/load), so the tool can create long-lived local files containing session cookies/storage. This is normal for a browser automation tool but increases persistence of sensitive tokens on disk.
What to consider before installing
This skill appears to be a coherent browser-automation CLI, but exercise caution before installing or running it. Things to do before proceeding:

  1. Verify the npm package and GitHub repo (https://github.com/vercel-labs/agent-browser) are legitimate and match the version you expect.
  2. Prefer installing and running the CLI in an isolated environment (container or VM) because `npm install -g` runs package install scripts and `agent-browser install` downloads Chromium binaries.
  3. Avoid loading or saving auth state files (cookies/localStorage) unless you trust the environment and repository; such files can contain sensitive tokens.
  4. If you must use it, restrict its filesystem/network permissions and review any downloaded binaries' checksums.
  5. If you want lower risk, ask the skill author to declare required binaries and provide an explicit, vetted install spec (trusted release URLs/checksums) so you can audit the installation sources.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🌐 Clawdis
latest vk97fk1r0xhkmdv1ak0qtpae6k983q7cr
89 downloads
0 stars
1 version
Updated 1mo ago
v1.0.0
MIT-0

Agent Browser Skill

Fast browser automation using accessibility tree snapshots with refs for deterministic element selection.

Why Use This Over Built-in Browser Tool

Use agent-browser when:

  • Automating multi-step workflows
  • Need deterministic element selection
  • Performance is critical
  • Working with complex SPAs
  • Need session isolation

Use built-in browser tool when:

  • Need screenshots/PDFs for analysis
  • Visual inspection required
  • Browser extension integration needed

Core Workflow

# 1. Navigate and snapshot
agent-browser open https://example.com
agent-browser snapshot -i --json

# 2. Parse refs from JSON, then interact
agent-browser click @e2
agent-browser fill @e3 "text"

# 3. Re-snapshot after page changes
agent-browser snapshot -i --json

Key Commands

Navigation

agent-browser open <url>
agent-browser back | forward | reload | close

Snapshot (Always use -i --json)

agent-browser snapshot -i --json          # Interactive elements, JSON output
agent-browser snapshot -i -c -d 5 --json  # + compact, depth limit
agent-browser snapshot -s "#main" -i      # Scope to selector

Interactions (Ref-based)

agent-browser click @e2
agent-browser fill @e3 "text"
agent-browser type @e3 "text"
agent-browser hover @e4
agent-browser check @e5 | uncheck @e5
agent-browser select @e6 "value"
agent-browser press "Enter"
agent-browser scroll down 500
agent-browser drag @e7 @e8

Get Information

agent-browser get text @e1 --json
agent-browser get html @e2 --json
agent-browser get value @e3 --json
agent-browser get attr @e4 "href" --json
agent-browser get title --json
agent-browser get url --json
agent-browser get count ".item" --json

Check State

agent-browser is visible @e2 --json
agent-browser is enabled @e3 --json
agent-browser is checked @e4 --json

Wait

agent-browser wait @e2                    # Wait for element
agent-browser wait 1000                   # Wait ms
agent-browser wait --text "Welcome"       # Wait for text
agent-browser wait --url "**/dashboard"   # Wait for URL
agent-browser wait --load networkidle     # Wait for network
agent-browser wait --fn "window.ready === true"

Sessions (Isolated Browsers)

agent-browser --session admin open site.com
agent-browser --session user open site.com
agent-browser session list
# Or via env: AGENT_BROWSER_SESSION=admin agent-browser ...

State Persistence

agent-browser state save auth.json        # Save cookies/storage
agent-browser state load auth.json        # Load (skip login)

Screenshots & PDFs

agent-browser screenshot page.png
agent-browser screenshot --full page.png
agent-browser pdf page.pdf

Network Control

agent-browser network route "**/ads/*" --abort           # Block
agent-browser network route "**/api/*" --body '{"x":1}'  # Mock
agent-browser network requests --filter api              # View

Cookies & Storage

agent-browser cookies                     # Get all
agent-browser cookies set name value
agent-browser storage local key           # Get localStorage
agent-browser storage local set key val

Tabs & Frames

agent-browser tab new https://example.com
agent-browser tab 2                       # Switch to tab
agent-browser frame @e5                   # Switch to iframe
agent-browser frame main                  # Back to main

Snapshot Output Format

{
  "success": true,
  "data": {
    "snapshot": "...",
    "refs": {
      "e1": {"role": "heading", "name": "Example Domain"},
      "e2": {"role": "button", "name": "Submit"},
      "e3": {"role": "textbox", "name": "Email"}
    }
  }
}
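
The "parse refs from JSON, then interact" step of the core workflow, as an added example (not part of the SKILL.md or of the agent-browser project): role and name values in a snapshot come from the page being automated, so the caller matches them exactly, rejects ambiguous results, and validates the ref id before it reaches a command line. It assumes ref ids always look like `e<number>` as in the samples above; `resolveRef` and `buildArgv` are hypothetical helper names and the sample snapshot is constructed.

```javascript
// Added example: resolve a ref from `agent-browser snapshot -i --json` output.
// Role/name values originate from the automated page and are untrusted input.
const REF_ID = /^e[0-9]+$/; // assumption: refs follow the e1, e2, ... shape shown above

// Constructed sample in the documented format, plus one malformed key.
const SAMPLE = JSON.stringify({
  success: true,
  data: {
    snapshot: "...",
    refs: {
      e1: { role: "heading", name: "Example Domain" },
      e2: { role: "button", name: "Submit" },
      e3: { role: "textbox", name: "Email" },
      "e4; id": { role: "button", name: "Submit" },
    },
  },
});

// Return the single ref id whose role and name match exactly, or throw.
function resolveRef(snapshotJson, role, name) {
  const doc = JSON.parse(snapshotJson);
  const refs = doc?.data?.refs;
  if (doc?.success !== true || !refs || typeof refs !== "object") {
    throw new Error("snapshot failed or has no refs");
  }
  const hits = Object.entries(refs)
    .filter(([id]) => REF_ID.test(id)) // drop keys that are not plain refs
    .filter(([, el]) => el && el.role === role && el.name === name)
    .map(([id]) => id);
  if (hits.length !== 1) {
    throw new Error(`expected 1 match for ${role} "${name}", got ${hits.length}`);
  }
  return hits[0];
}

// Build an argv array for execFile/spawn (no shell), never a shell string.
function buildArgv(action, refId, ...rest) {
  if (!REF_ID.test(refId)) throw new Error(`refusing malformed ref: ${refId}`);
  return [action, `@${refId}`, ...rest];
}

const submit = resolveRef(SAMPLE, "button", "Submit");
console.log(["agent-browser", ...buildArgv("click", submit)].join(" "));
```

Re-run `resolveRef` on a fresh snapshot after every page change, since the workflow above re-snapshots and earlier refs may no longer point at the same element.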

Best Practices

  1. Always use -i flag - Focus on interactive elements
  2. Always use --json - Easier to parse
  3. Wait for stability - agent-browser wait --load networkidle
  4. Save auth state - Skip login flows with state save/load
  5. Use sessions - Isolate different browser contexts
  6. Use --headed for debugging - See what's happening

Example: Search and Extract

agent-browser open https://www.google.com
agent-browser snapshot -i --json
# AI identifies search box @e1
agent-browser fill @e1 "AI agents"
agent-browser press Enter
agent-browser wait --load networkidle
agent-browser snapshot -i --json
# AI identifies result refs
agent-browser get text @e3 --json
agent-browser get attr @e4 "href" --json

Example: Multi-Session Testing

# Admin session
agent-browser --session admin open app.com
agent-browser --session admin state load admin-auth.json
agent-browser --session admin snapshot -i --json

# User session (simultaneous)
agent-browser --session user open app.com
agent-browser --session user state load user-auth.json
agent-browser --session user snapshot -i --json

Installation

npm install -g agent-browser
agent-browser install                     # Download Chromium
agent-browser install --with-deps         # Linux: + system deps

Credits

Skill created by Yossi Elkrief (@MaTriXy)

agent-browser CLI by Vercel Labs
