Page Agent Claw Controller
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill appears to do what it says, but it gives an external local browser-control service broad authority without clear safety boundaries.
Install this only if you trust the page-agent-claw npm package and Chrome extension. Use a separate browser profile, keep the service local, stop it after use, and require explicit confirmation before the agent clicks, submits, posts, purchases, deletes, logs in, or changes account data.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A broad task could make the agent click links, submit forms, or interact with sites in ways the user did not intend.
The skill sends arbitrary natural-language browser tasks to a local service. The artifacts do not define allowed sites, allowed actions, or approval steps before potentially state-changing browser operations.
curl -X POST http://localhost:4222/api/task ... -d '{"task": "复杂的浏览任务"}'
Use only for explicit, narrowly described browsing tasks, and require confirmation before purchases, logins, posting, deleting, account changes, or other irreversible actions.
Browser actions may be performed as the signed-in user on websites, including sites with private or account-sensitive data.
The skill depends on a Chrome extension to control the local browser. If that browser is already signed in to websites, automation may act under the user's existing accounts, but the artifacts do not scope which accounts or sessions may be used.
page-agent Chrome extension (used to control the browser)
Run it in a separate browser profile with only the accounts needed for the task, and avoid using it on sensitive financial, work, admin, or personal accounts unless you explicitly approve each action.
The main behavior depends on external package and extension code that was not included in this review.
The reviewed skill contains no implementation code, but instructs users to install and run a global npm package that provides the actual browser-control service.
page-agent-claw: `npm install -g page-agent-claw`
Inspect the npm package and Chrome extension source, pin a trusted version, and install only from sources you trust.
If the service is left running or exposed beyond localhost, other local processes or misconfiguration could potentially submit browser tasks.
The skill communicates with a localhost browser-control service using HTTP examples that show no authentication or origin checks. This is local-only in the artifacts, but the communication boundary is not described.
curl http://localhost:4222/api/status ... curl -X POST http://localhost:4222/api/task
Ensure the service binds only to localhost, close it when not in use, and prefer authentication or explicit approval for submitted tasks.
A browser-control service may remain available after the immediate task unless the user stops it.
The skill documents starting a local service but does not document shutdown or lifecycle controls. This appears purpose-aligned, not hidden, but users should notice the service may continue running.
# If not running, start the service
page-agent-claw
Start the service only when needed and stop it after use.
