Vanzhangsh Skills
PassAudited by ClawScan on May 10, 2026.
Overview
This is a coherent browser automation skill, but it can control websites and expose browser session data, so users should use it only on sites and accounts they intend the agent to access.
Install only after verifying the upstream agent-browser package. Use a separate browser profile or logged-out session for untrusted sites, and ask the agent to pause for approval before submitting forms, changing accounts, making purchases, or uploading files.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could interact with websites on the user's behalf, including submitting forms or uploading files if prompted or if a task implies it.
The skill grants the agent access to all agent-browser subcommands. That fits the browser automation purpose, but includes state-changing actions such as clicks, form filling, uploads, and navigation.
allowed-tools: Bash(agent-browser:*)
Use this skill with clear instructions, and require user confirmation before purchases, account changes, submissions, or uploads.
If used on logged-in sites, the agent may see session cookies, localStorage values, or credentials and may act with the user's logged-in authority.
The skill documents commands that can read or set browser cookies, localStorage, and HTTP basic authentication credentials. These are expected browser automation features but can expose account/session data.
agent-browser cookies # Get all cookies ... agent-browser storage local # Get all localStorage ... agent-browser set credentials user pass # HTTP basic auth
Avoid using this skill on sensitive accounts unless needed, and clear or isolate browser sessions when finished.
The security of the skill depends on the npm package and installed browser dependencies, which were not included in the reviewed artifacts.
The skill depends on an external globally installed CLI and browser dependency installation. This is central to the stated purpose, but the artifacts do not bundle or pin the executable being installed.
npm install -g agent-browser agent-browser install agent-browser install --with-deps
Verify the npm package/source repository and consider pinning a trusted version before installing globally.