Clawdbot Agent Browser
v0.1.0Headless browser automation CLI optimized for AI agents with accessibility tree snapshots and ref-based element selection
⭐ 0· 196·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (headless browser automation with accessibility snapshots) matches the SKILL.md commands and examples. The skill only expects an external 'agent-browser' CLI to be available, which is consistent with its stated purpose. (Minor metadata mismatch: registry ownerId and _meta.json ownerId differ, which is likely non-malicious but worth checking.)
Instruction Scope
SKILL.md explicitly instructs the agent to run an external CLI (agent-browser) and to save/load browser state files (auth.json), take snapshots, control network routing, and mock requests. These actions are within the domain of browser automation, but state save/load and network routing are sensitive operations because they can expose cookies, tokens, or allow interception/modification of network traffic.
Install Mechanism
There is no install spec in the skill bundle (instruction-only). The README suggests installing via 'npm install -g agent-browser' and running 'agent-browser install' to download Chromium. This is a standard, expected approach but carries normal supply-chain risks (npm package provenance and the Chromium download). The skill does not attempt to auto-install anything itself.
Credentials
The skill declares no required environment variables or credentials. Example uses of AGENT_BROWSER_SESSION and state file names are explanatory only. The lack of requested secrets is proportionate to the described functionality, though saved state files may contain sensitive cookies/session tokens if used.
Persistence & Privilege
always:false and no install or persistence actions embedded in the skill bundle. The skill does not request elevated privileges or modify other skills' configs. Autonomous invocation is allowed by default (platform behavior) but not exceptional for this skill.
Assessment
This skill is an instruction-only wrapper for an external CLI (agent-browser). Before installing or using it: 1) Verify the agent-browser npm package and the GitHub repo (https://github.com/vercel-labs/agent-browser) are the official/trusted sources. 2) Be cautious when using state save/load (auth.json) — those files can contain cookies and session tokens; avoid loading untrusted state files. 3) Network routing/mocking features are powerful and can intercept or alter traffic — only route or mock endpoints you trust. 4) Note the small metadata mismatch (ownerId) in the skill bundle; confirm the publisher identity if provenance matters. If you control the CLI binary source and understand the effects of saving state and manipulating network traffic, the skill is coherent with its stated purpose.Like a lobster shell, security has layers — review code before you run it.
latestvk97f5ppw94x70p13k64fdnna5s830gtc
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🌐 Clawdis