ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

skill test

v1.0.0

A fast Rust-based headless browser automation CLI with Node.js fallback that enables AI agents to navigate, click, type, and snapshot pages via structured co...

0· 60·0 current·0 all-time
byzhaoweilong@zhaowl1023
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md describes a browser automation CLI (navigate, snapshot, click, fill, network routing, cookies/storage, screenshots, uploads), which aligns with the skill name and description. However, the description claims a Rust-based CLI with a Node fallback while the instructions only show Node/npm/pnpm installation paths; the declared required binaries list only node and npm but the text references git and pnpm (and a GitHub repo). The mismatch between 'Rust-based' and the entirely Node/npm-based install instructions and the omission of git/pnpm from the required-bins list is an inconsistency.
Instruction Scope
The SKILL.md instructs the agent to run CLI commands that will read and manipulate web pages, cookies, localStorage, upload files, take screenshots (to stdout or files), record video, and intercept/mock network requests. Those actions are consistent with browser automation, but they are high-privilege within that domain: the tool can access session cookies, page DOM, and local files (via uploads), and can intercept or mock network traffic — all of which may expose sensitive data if misused. The instructions do not ask the agent to read unrelated local system configuration or environment variables, which is good, but they give broad discretion to interact with arbitrary pages and data.
Install Mechanism
There is no formal install spec in the skill bundle (instruction-only), so the SKILL.md's install instructions are the only guidance. Those recommend npm -g install, a git clone from github.com/vercel-labs/agent-browser, and pnpm build. GitHub is a common source, but the skill omits declaring git and pnpm as required binaries. Because installation is manual (no packaged install spec), the risk depends on whether you actually run those commands — installing global npm packages and building from source can execute arbitrary code, so inspect the upstream repository before installing.
Credentials
The skill declares no required environment variables or credentials, which is proportionate for a CLI that operates via interactive commands. However, the CLI exposes commands to set HTTP basic auth credentials, headers, and to upload files — these are functional needs but may prompt you to supply secrets at runtime. The main proportionality issue is missing declared binaries (pnpm, git) relative to the install instructions, not the presence of unexplained credential requests.
Persistence & Privilege
always:false and no install spec means the skill does not request forced permanent inclusion or elevated platform privileges. The skill does not attempt to modify other skills or agent-wide settings in the provided instructions.
What to consider before installing
This skill appears to be a legitimate browser-automation CLI, but there are a few red flags and high-capability behaviors you should consider before installing or letting an agent use it autonomously: - Mismatched metadata: the description mentions Rust but the instructions show only Node/npm/pnpm; the SKILL.md references git and pnpm yet the skill's required-bins list omits them. Verify the real upstream project (inspect https://github.com/vercel-labs/agent-browser) before running install commands. - High privileges within web context: the CLI can read cookies/localStorage, take screenshots, record video, upload local files, and intercept/mock network requests. These are normal for browser automation but also let the tool access or exfiltrate sensitive session data if misused. - Installation risk: npm -g and building from source execute code on your machine. Only install from a trusted repository and review the package source (especially preinstall/build scripts) before running global installs. - Operational controls: avoid running this skill with sensitive accounts or files unless you sandbox it; do not provide secrets or local files unless necessary; prefer to run installs in a disposable environment (container/VM) and limit autonomous invocation if you are unsure. If you can, ask the publisher for a canonical homepage/release URL and verify the repository and package contents; if you plan to use it, validate the exact binary requirements (git, pnpm, node) and inspect build scripts before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk974jm5cv705f6xmpe59st3rjh83dfye

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🌐 Clawdis
Binsnode, npm

Comments