Agent Browser
TheSethRose/agent-browser
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Runtime requirements
Runtime requirements🌐 ClawdisBinsnode, npm
Security scan
Security ScanVirusTotalVirusTotalSuspiciousView report →OpenClawOpenClawBenignhigh confidenceThe skill is an instruction-only wrapper for an agent-browser CLI and its declared requirements (node/npm and an npm-installable CLI) match the documented behavior — nothing in the skill files requests unrelated credentials or system access.Details ▾✓Purpose & CapabilityThe name and description claim a headless browser CLI wrapper and the SKILL.md exclusively documents how to install and use an agent-browser CLI. Required binaries (node, npm) and the npm install instructions are consistent with building/using a Node-distributed CLI. There are no unrelated credentials, binaries, or config paths requested.✓Instruction ScopeThe runtime instructions direct the agent to run agent-browser CLI commands (open, snapshot, click, fill, screenshot, record, etc.). They do not instruct the agent to read arbitrary local files, environment variables, or other system configuration beyond invoking the CLI. Note: because the CLI automates arbitrary web pages and can capture screenshots, upload files, and record video, those features can expose user data if used against sensitive sites — but that capability is coherent with a browser automation tool.ℹInstall MechanismThis is an instruction-only skill with no embedded install spec; SKILL.md instructs the user/agent to install via npm (npm install -g agent-browser) or build from a GitHub repo. That is a normal distribution mechanism, but it means the actual code comes from npm/GitHub — verify the npm package and repository provenance before installing globally. Because no install artifacts are bundled with the skill, the security posture depends on the external package source.✓CredentialsThe skill does not request environment variables, keys, or config paths. Requesting node and npm is appropriate for a Node-distributed CLI. There are no unrelated credential requests or excessive environment access declared.✓Persistence & PrivilegeThe skill does not request always:true or any persistent elevated privileges. It is user-invocable and allows normal autonomous invocation (platform default). There is no indication it attempts to modify other skil…