Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agent Browser Backup 20260407
v1.0.0A fast Rust-based headless browser automation CLI with Node.js fallback that enables AI agents to navigate, click, type, and snapshot pages via structured co...
⭐ 0· 9·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name, description, and runtime instructions consistently describe a headless browser automation CLI. Declared required binaries (node, npm) align with the npm-based install instructions and the skill's stated capabilities (navigation, snapshot, click, fill, screenshot, record, state save/load).
Instruction Scope
SKILL.md only instructs use of the agent-browser CLI and related file operations (snapshot, screenshot, state save/load, upload). These actions are within the expected scope for a browser automation tool, but they inherently allow fetching arbitrary web content and reading/writing local files (e.g., state save auth.json, screenshot paths, file uploads). That capability is expected for the purpose but is a natural vector for accidental credential exposure or data exfiltration if the underlying CLI or package is malicious or untrusted.
Install Mechanism
The skill is instruction-only (no install spec), and instructs users to run npm install -g agent-browser (and optionally build from source). Installing a global npm package runs third-party code locally — this is a standard but nontrivial risk if the package provenance isn't verified. The SKILL.md references git clone https://github.com/vercel-labs/agent-browser, but the skill metadata lists no homepage and the skill source is 'unknown', so the upstream package cannot be confirmed from the provided bundle.
Credentials
The skill does not request environment variables, tokens, or configuration paths. This is proportionate to a CLI wrapper. Note: several CLI actions read/write local files (state save/load, screenshot, upload) — these are expected but you should avoid saving credentials into state files unless you trust the installed binary.
Persistence & Privilege
Skill flags are default (always:false, user-invocable:true, model invocation allowed). There is no request to be force-installed or to modify other skills or agent-wide settings. No persistence or elevated platform privileges are requested by the skill bundle itself.
What to consider before installing
This skill's behavior (a CLI that automates web pages) is coherent, but several provenance issues merit caution: the package's source/homepage is not provided in the bundle, and the included _meta.json and repository references don't match the registry metadata/versioning — that suggests the bundle may not point to a single, verifiable upstream. Before installing or running: 1) verify the agent-browser package on npm and the referenced GitHub repo (ensure the package name, owner, and latest release match what the docs claim); 2) inspect the npm package's code (or the repository) before doing a global install; 3) run the tool in a sandboxed environment or non-privileged account the first time; 4) avoid storing real credentials in state save files or allowing the CLI to upload sensitive files until you trust the binary; and 5) if you can't confirm the package provenance, treat it as untrusted and do not install globally on production systems.Like a lobster shell, security has layers — review code before you run it.
latestvk97eymzhzga1pa7chrvwmvv03584asj6
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🌐 Clawdis
Binsnode, npm