ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

claw-browser-automation-skill

v2.0.0

Complete browser automation with agent-browser CLI. Supports navigation, forms, screenshots, data extraction, and parallel sessions.

0· 255·0 current·1 all-time
by@weaglewang
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match the SKILL.md: it documents a CLI-driven browser automation workflow (navigation, forms, screenshots, parallel sessions) and instructs use of a local Chrome/Chromium executable. The required actions (installing a cli and pointing to Chrome) are reasonable for the stated purpose.
Instruction Scope
The runtime instructions stay within browser automation (open, snapshot, fill, click, wait, screenshot). They do instruct persistent changes to the user environment (global npm install and appending AGENT_BROWSER_EXECUTABLE_PATH to ~/.zshrc) which go beyond purely ephemeral agent behavior and should be explicitly consented to by the user.
!
Install Mechanism
There is no install spec in the registry entry; SKILL.md tells the user to run `npm install -g agent-browser`. Installing a global package from the public npm registry is a moderate risk because the package origin, homepage, and source code are not provided in the skill metadata. Global npm installs can place executable code on disk and run with the user's privileges.
Credentials
The skill declares no required credentials or config paths. The only environment instruction is AGENT_BROWSER_EXECUTABLE_PATH to point to Chrome/Chromium, which is appropriate for a local browser automation tool. There are no requests for unrelated secrets or cloud credentials.
Persistence & Privilege
The skill is not force-enabled (always:false) and does not request elevated platform privileges, but the instructions encourage persistent changes (global npm install, appending to ~/.zshrc) that create lasting artifacts on the host. The skill can be invoked autonomously by the agent (platform default), which increases blast radius if the installed CLI is malicious.
What to consider before installing
This skill appears to do what it says (browser automation) and contains only CLI usage instructions, but there is no source, homepage, or provenance for the recommended npm package. Before installing: (1) verify the npm package (check its npmjs.org page, homepage, and GitHub repo and inspect the source), (2) prefer a non-global/local or containerized install to avoid altering your main system, (3) don't blindly append environment variables to ~/.zshrc—set them per-shell or in a sandbox until you're confident, (4) review what data the CLI will capture (page snapshots, form contents) and avoid using it on pages with sensitive credentials, and (5) if uncertain, run the tool inside an isolated VM/container and audit network traffic and installed files. If you can provide the package's npm or repo URL, I can reassess with higher confidence.

Like a lobster shell, security has layers — review code before you run it.

latestvk971bxx4xnvgep10g1k12n4pmx83d29m

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments