Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Wayne Agent Browser
v1.0.0
Headless browser automation CLI optimized for AI agents with accessibility tree snapshots and ref-based element selection
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md clearly targets a CLI named `agent-browser` and describes installing it with `npm install -g agent-browser`, downloading Chromium, and running many CLI commands. However the registry metadata lists no required binaries or install spec. That mismatch (the skill essentially requires a third-party CLI and npm installs, but the package metadata declares none) is inconsistent and worth noting.
Instruction Scope
The instructions focus on browser automation (navigation, snapshots, refs) which is consistent with the description. However they explicitly instruct saving/loading auth state files (e.g., `state save auth.json` / `state load auth.json`), controlling network routing/mocking, and installing runtime dependencies. Those file I/O and network-control steps can be used to persist or exfiltrate sensitive tokens/cookies or to intercept/modify requests — while legitimate for browser automation, they expand the scope beyond simple read-only scraping and should be considered when granting the tool access.
Install Mechanism
There is no install spec in the registry, but SKILL.md tells users to run `npm install -g agent-browser` and `agent-browser install` (which downloads Chromium). Global npm installs execute package install scripts and will run code from the npm package; the Chromium download will pull external binaries. This is a higher-risk install pattern unless you verify the npm package and download sources are trustworthy (the homepage points to a GitHub repo which helps, but the skill metadata and registry did not declare these installs).
Credentials
The skill declares no required environment variables or credentials (registry shows none). SKILL.md mentions an optional AGENT_BROWSER_SESSION env var for convenience, but no secrets are requested by the skill itself. The main proportionality concern is that the tool reads/writes auth state files (cookies/localStorage), which may contain sensitive credentials even though no env secrets are required.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. However the recommended workflows include persisting browser state to disk and loading it later (state save/load), so the tool can create long-lived local files containing session cookies/storage. This is normal for a browser automation tool but increases persistence of sensitive tokens on disk.
What to consider before installing
This skill appears to be a coherent browser-automation CLI, but exercise caution before installing or running it. Things to do before proceeding:
1) Verify the npm package and GitHub repo (https://github.com/vercel-labs/agent-browser) are legitimate and match the version you expect.
2) Prefer installing and running the CLI in an isolated environment (container or VM) because `npm install -g` runs package install scripts and `agent-browser install` downloads Chromium binaries.
3) Avoid loading or saving auth state files (cookies/localStorage) unless you trust the environment and repository; such files can contain sensitive tokens.
4) If you must use it, restrict its filesystem/network permissions and review any downloaded binaries' checksums.
5) If you want lower risk, ask the skill author to declare required binaries and provide an explicit, vetted install spec (trusted release URLs/checksums) so you can audit the installation sources.
Like a lobster shell, security has layers — review code before you run it.
latest vk97fk1r0xhkmdv1ak0qtpae6k983q7cr
Runtime requirements
🌐 Clawdis
