Skillv1.0.0

ClawScan security

Agent Browser Skipped · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewMar 16, 2026, 8:01 PM

Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions and tool requirements mostly match a browser-automation wrapper, but metadata mismatches and the fact it tells the agent to run unvetted npm/git install steps warrant caution.
Guidance: This wrapper appears to document a real browser-automation CLI, but before installing: 1) verify the upstream package and repository (check the npm publisher, maintainers, and the GitHub repo contents) because 'npm install -g' and 'agent-browser install' can run install scripts and download binaries; 2) note the registry manifest metadata mismatches (ownerId and version differ from the included _meta.json) — ask the publisher to explain the discrepancy; 3) prefer reviewing the npm package contents or cloning the GitHub repo and inspecting build/install scripts (and pnpm usage) in a sandbox before running globally or as root; 4) pin a specific trusted version and validate checksums if available; 5) be aware that automated browsing will have access to cookies, storage, and uploaded files — restrict the agent's scope and run in an isolated environment if automating sensitive sites. If you want higher assurance, provide the actual upstream repository URL and package publisher info so the code and install scripts can be audited.

Review Dimensions

Purpose & Capability: noteThe name/description (headless browser CLI) aligns with the CLI commands in SKILL.md and the declared runtime requirement (node/npm). Minor mismatch: description claims a 'Rust-based' core with a Node fallback while the install instructions are npm-focused — this is plausible but should be verified against the upstream project.
Instruction Scope: noteSKILL.md instructs the agent to run agent-browser CLI commands and to install via npm or clone a GitHub repo. The instructions do not request unrelated files or environment variables. However, they rely on running upstream install scripts (npm install -g and agent-browser install), which may execute arbitrary code or download binaries during installation — that is outside the skill's control and should be audited before installation.
Install Mechanism: concernThis is an instruction-only skill (no install spec), but SKILL.md tells users to run 'npm install -g agent-browser' and to clone a GitHub repo. npm global installs and 'agent-browser install' may run install scripts or download artifacts; the skill gives no checksum/publisher verification. Additionally, the 'From Source' path uses pnpm (not listed as a required binary). The upstream source is referenced as github.com/vercel-labs/agent-browser, but the registry lists 'Source: unknown' and no homepage — this mismatch reduces confidence in provenance.
Credentials: okThe skill declares no required environment variables or credentials, and the instructions do not ask for secrets. The browser automation actions (cookies/storage access, file upload) are expected for this purpose but mean the running agent could access session data from pages it automates.
Persistence & Privilege: okThe skill is not marked always:true and does not request elevated platform privileges. It can be invoked autonomously by agents (default behavior), which is normal; there is no indication it modifies other skills or global configs.