Agent Browser
ReviewAudited by ClawScan on May 10, 2026.
Overview
This appears to be a legitimate browser automation skill, but it can act inside logged-in web sessions and save session data, so use it deliberately.
Before installing, verify that the `agent-browser` executable on your system is trusted because its implementation is not included here. Use the skill only on sites and accounts you intend to automate, review sensitive actions such as form submission or file upload, avoid using proxy rotation to bypass site rules, and store or delete auth-state files carefully because they may contain active session tokens.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If directed at a sensitive site, the agent could submit forms, change account state, or upload a selected file.
The skill exposes browser actions that can click, type into forms, and upload files. This is central to the stated browser-automation purpose, but users should recognize it can perform consequential actions on websites.
agent-browser click @e1 ... agent-browser fill @e2 "text" ... agent-browser upload @e1 file.pdf
Use explicit instructions for sensitive sites and review before submitting forms, uploading files, or taking actions that change account data.
Using the skill this way could violate website rules or trigger account/network enforcement.
Proxy support is a legitimate testing feature, but the documentation also describes avoiding rate limits during scraping.
Rotating Proxies for Scraping ... Rotate through proxy list to avoid rate limiting
Use proxy rotation only for authorized testing or compliant data collection, not to bypass site restrictions.
The agent may operate as the logged-in user on websites you authenticate to.
The skill documents entering passwords, handling OAuth/SSO, setting Basic Auth credentials, and saving authenticated state. This is expected for authenticated browser automation but involves account authority.
agent-browser fill @e3 "password" ... agent-browser state save ./oauth-state.json ... agent-browser set credentials username password
Use least-privilege test accounts where possible and avoid giving the agent credentials for accounts it should not control.
The reviewed artifacts are mostly documentation/templates; the actual browser automation behavior depends on an external binary not reviewed here.
The artifacts do not include or pin the implementation of the `agent-browser` executable that SKILL.md authorizes via Bash, so users must trust the local command separately.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Verify the installed `agent-browser` executable and its source before using it with sensitive accounts or data.
Anyone who obtains a saved state file may be able to reuse your logged-in web session.
Saved browser state can include cookies and web storage that authenticate future sessions. The documentation discloses this and gives cleanup guidance.
"cookies": [...], "localStorage": {...}, "sessionStorage": {...} ... Don't commit state files (contain auth tokens!)Store auth-state files in private locations, add them to `.gitignore`, and delete them when no longer needed.