Agent Browser

The OpenClaw AgentSkills bundle is classified as suspicious due to the broad and high-risk capabilities of the `agent-browser` tool, even though no explicit malicious intent is demonstrated in the provided files. Key indicators include the ability to load custom browser executables and extensions (`--executable-path`, `--extension`, `AGENT_BROWSER_EXECUTABLE_PATH`, `AGENT_BROWSER_EXTENSIONS`), execute arbitrary JavaScript within the browser context (`agent-browser eval`), access local files via the `file://` protocol, and save/load full browser session state (`agent-browser state save/load`), which can contain sensitive authentication tokens. While these features are plausibly needed for browser automation, they present significant attack surface for potential misuse if the agent or user were compromised, despite the documentation's inclusion of security best practices.