Skill v0.1.0

ClawScan security

Agent Browser · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 6, 2026, 12:49 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's files and runtime instructions are coherent with a browser-automation CLI: the requested actions, templates, and environment usage align with its stated purpose, but you should review and control where the underlying agent-browser binary and any saved session files come from.
Guidance
This skill is internally consistent with being a CLI-based browser automation toolkit. Before installing or using it, confirm where the 'agent-browser' binary will come from (the skill provides instructions but not the executable). Review any templates before running them — they may load or save auth-state files that contain session tokens and may reference environment variables holding credentials. Avoid checking saved state into source control, prefer the provided auth-vault pattern, sanitize proxy URLs (don’t embed credentials in plain text), and be cautious with 'eval' or base64 JavaScript execution (it runs arbitrary code in page context). If you plan to run this in CI or on shared machines, isolate the environment and rotate/delete saved state files after use. If you need higher assurance, ask the publisher for the official agent-browser release/source and verify the binary before use.

Review Dimensions

Purpose & Capability
ok
The name/description (browser automation CLI) matches the included instructions, command reference, and templates (navigation, snapshotting, form automation, session/state management, proxies, recording, profiling). There are no unrelated credentials or binaries requested by the skill itself.
Instruction Scope
note
Instructions cover a wide but expected surface for a browser automation tool (snapshots, refs, state save/load, cookie/storage manipulation, JS eval, proxy configuration). These can expose sensitive data if misused (saved auth-state files contain tokens, proxy URLs may embed credentials, and 'eval' allows executing arbitrary page JS). The SKILL.md and references call out best practices (don't commit state files, use auth vault, pipe passwords), which mitigates concerns but requires user diligence.
Install Mechanism
ok
This is instruction-only (no install spec). The templates are bash scripts provided as examples; nothing in the skill will automatically download or install executables. That lowers install-time risk. Note: the skill presumes an external 'agent-browser' CLI/binary exists on the host.
Credentials
ok
The skill does not declare required environment variables or credentials in the registry metadata. The docs reference environment variables (AGENT_BROWSER_*, APP_USERNAME/APP_PASSWORD) that are reasonable for configuring a local CLI/tool and for automation templates. No unrelated cloud credentials or cross-service secrets are requested.
Persistence & Privilege
ok
Skill flags are normal (always:false, model invocation allowed). The skill does instruct saving/loading local session/state files and offers templates that persist state, which is expected for browser automation but should be handled carefully; it does not request permanent platform-level privileges or modify other skills.