Back to skill
Skillv0.8.6
VirusTotal security
Agent Browser · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:14 AM
- Hash
- 7205a6585b76606ee6cbfc4f2df49bc2f3e886ed87188a4665678f6d00097de2
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: agent-browser-tekken Version: 0.8.6 The OpenClaw AgentSkills bundle is classified as suspicious due to the inherent high-risk capabilities exposed by the `agent-browser` tool, even though the documentation presents them for legitimate purposes. Specifically, `agent-browser eval "..."` allows arbitrary JavaScript execution, `agent-browser --extension <path>` and `agent-browser --executable-path <p>` enable loading arbitrary browser extensions or custom executables (potential for arbitrary code execution), and `agent-browser state save` can persist sensitive browser state (cookies, local storage) to a file. These powerful primitives, detailed across `SKILL.md` and the `references/` documentation, could be abused by a maliciously prompted AI agent to perform unauthorized actions, data exfiltration, or further compromise, despite the lack of explicit malicious instructions within the skill bundle itself.
- External report
- View on VirusTotal