Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agent Browser Cn
v1.0.0A fast Rust-based headless browser automation CLI with Node.js fallback that enables AI agents to navigate, click, type, and snapshot pages via structured co...
⭐ 0· 63·1 current·1 all-time
by聿歆@v585
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md documents a browser-automation CLI (navigate, snapshot, click, fill, screenshot, record) which aligns with the skill name and description. Requiring node/npm is consistent with the documented npm installation and Node fallback. However, the description claims a "Rust-based" implementation with a Node fallback while the manifest only shows Node/npm instructions; the skill's Source/Homepage are both unknown, and the registry metadata in the header (owner/version) does not match the _meta.json contents (different ownerId and version). These metadata inconsistencies reduce trust in provenance.
Instruction Scope
The SKILL.md stays on-topic: it instructs installing and using the agent-browser CLI and lists commands for navigation, inspection, interaction, screenshots, recording, etc. It does not instruct the agent to read unrelated system files or environment variables. Note: the documented commands (snapshots, screenshot to stdout, get html/text) can capture and expose sensitive page content — this is expected for this type of tool but is a privacy/exfiltration risk if used against authenticated or sensitive pages.
Install Mechanism
There is no formal install spec in the skill bundle; instead SKILL.md recommends 'npm install -g agent-browser' and an 'agent-browser install --with-deps' step, plus an optional git clone from github.com/vercel-labs/agent-browser and pnpm build. Using npm global installs and an install-with-deps command can download and execute code and native binaries from external sources. While npm and GitHub are common release hosts (lower risk than arbitrary URLs), the absence of a declared source/homepage in the registry entry and the metadata mismatch mean provenance is unclear. The 'install --with-deps' step is opaque and could pull additional binaries.
Credentials
The skill does not declare or require any environment variables or credentials. SKILL.md shows commands to set per-session headers/credentials in the CLI (e.g., basic auth, headers) but those are local to the tool and do not require platform secrets. No unrelated cloud credentials or secret environment variables are requested.
Persistence & Privilege
The skill is not marked always:true and does not request persistent system-wide configuration or access to other skills' settings. It is user-invocable and allows autonomous model invocation by default (normal for skills).
What to consider before installing
Before installing or invoking this skill: 1) Verify provenance — check the npm package and the GitHub repository referenced in SKILL.md (the registry entry lacks a homepage and the skill bundle metadata contains inconsistent owner/version fields). 2) Prefer inspecting the agent-browser package on npm and its GitHub release tags yourself before running 'npm install -g'. 3) Avoid running it against accounts or pages with sensitive data unless you trust the package and/or run it in a sandboxed environment, because snapshots/screenshots and stdout output can capture secrets. 4) Treat the 'agent-browser install --with-deps' step as potentially downloading additional binaries; if possible, review what it downloads or use an isolated VM/container. 5) If you need higher assurance, ask the publisher for authoritative source URLs, signed releases, or a reproducible build instruction; resolve the owner/version mismatch in the metadata before trusting this skill.Like a lobster shell, security has layers — review code before you run it.
latestvk978dj7kc1m2hpnngv3ss06b1h83avdb
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🌐 Clawdis
Binsnode, npm