Agentic Browser 0.1.2

Warn

Audited by ClawScan on May 10, 2026.

Overview

The skill is a coherent browser-automation integration, but it includes examples that can expose login/session cookies and encourage proxy-based rate-limit avoidance.

Install only if you trust inference.sh and need agent-driven browser automation. Avoid the cookie-extraction and rate-limit-avoidance examples unless you have explicit authorization, never log cookies or passwords, close sessions after use, and do not record sensitive browsing sessions.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used on a logged-in site, session cookies could appear in logs, transcripts, or other tools and may allow account access.

Why it was flagged

The documentation shows extracting browser cookies from an authenticated session and printing them. Cookies can function like session credentials, and this example does not scope, redact, or protect the output.

Skill content

Extract cookies for use in other tools: ... "code": "document.cookie" ... echo "Cookies: $COOKIES"

Recommendation

Do not extract or print cookies unless there is a specific, authorized need. Require explicit user approval, scope to the intended domain, redact outputs, and avoid sending cookies to other tools.

What this means

Using this pattern may violate website policies, trigger blocking, or create legal and operational risk for the user.

Why it was flagged

The proxy documentation explicitly presents rotating proxies as a way to avoid rate limits during scraping, which can enable misuse against third-party sites.

Skill content

### Rate Limit Avoidance

Rotate proxies for web scraping:

Recommendation

Use automation only where authorized, respect robots.txt and site rate limits, and remove or reframe rate-limit-avoidance guidance as compliance-oriented throttling.

What this means

A mistaken or overbroad script could change page state, submit data, or extract sensitive content from the current page.

Why it was flagged

Executing JavaScript in the browser is an advertised and purpose-aligned feature, but it is a powerful capability that can read or modify page content.

Skill content

### execute

Run JavaScript code on the page. ... | `code` | string | JavaScript code to execute |

Recommendation

Run JavaScript only on pages and data the user has authorized, and review the code before execution.

What this means

Installing a remote script requires trusting the provider and the network path at install time.

Why it was flagged

The Quick Start uses a remote shell installer for the inference.sh CLI. This is central to the skill and user-directed, but it is not pinned or represented as an install spec.

Skill content

curl -fsSL https://cli.inference.sh | sh && infsh login

Recommendation

Review the installer, prefer a pinned or package-manager install when available, and install only if you trust inference.sh.

What this means

An open session may continue to carry authenticated state, and recordings or screenshots may contain sensitive information.

Why it was flagged

Persistent browser session state is expected for multi-step automation, but it can retain login state and sensitive page context across agent actions.

Skill content

Each session maintains an isolated browser context with:
- Cookies
- LocalStorage / SessionStorage
- Browser history
- Page state
- Video recording (if enabled)

Sessions persist across function calls

Recommendation

Use one session per task, close sessions promptly, avoid recording sensitive workflows, and treat screenshots/videos/session IDs as sensitive.