Automates browser interactions for web testing, form filling, screenshots, and data extraction. Use when the user needs to navigate websites, interact with web pages, fill forms, take screenshots, test web applications, or extract information from web pages.
Security Analysis
high confidenceThe skill's files and runtime instructions are coherent with a browser-automation purpose; it requests no unusual credentials or installs, but it handles sensitive session state and proxy configuration which users should treat carefully.
Name/description (browser automation: navigation, form-filling, screenshots, extraction) align with the provided SKILL.md, reference docs, and bash templates. The scripts and examples use only the agent-browser CLI and local file operations consistent with the stated purpose; there are no unrelated service credentials, binaries, or install steps requested.
Instructions include full automation flows, saving/loading session state files (which contain cookies/localStorage), proxy configuration (including examples with credentials in proxy URLs), OAuth/SSO handling, and file uploads. These actions are expected for a browser automation tool, but they involve handling sensitive data (session tokens, credentials) and can be used for large-scale scraping. The SKILL.md and templates do not instruct the agent to exfiltrate data to third-party endpoints, but they do show how to persist and load state files and print/access page text to local files.
Instruction-only skill with no install spec and no downloaded code. The only code present are local bash templates and markdown references; nothing is fetched or extracted from remote URLs during install, which is low risk.
The skill declares no required environment variables or primary credential. Reference docs recommend using environment variables for credentials and show proxy env var usage (HTTP_PROXY/HTTPS_PROXY/ALL_PROXY). Those recommendations are reasonable for the use case but involve sensitive data (proxy auth credentials, usernames/passwords) and should be applied cautiously. No unrelated secrets or broad credentials are requested by the skill itself.
always is false and the skill does not request persistent platform privileges or modify other skills. It documents saving/loading session state files under user control; this is normal for session-management but increases responsibility for users to protect those files.
Guidance
This skill appears to be what it says: a CLI-driven browser automation toolkit. Before installing or using it, consider the following: (1) Saved session state files contain cookies and tokens — treat them as secrets (don't commit them to repos; delete after use). (2) Proxy configuration examples include credentials in environment variables or URLs; only use trusted proxies and avoid embedding long-lived credentials. (3) The templates enable scraping and proxy rotation; ensure you have legal/ethical authorization for any automated scraping you perform. (4) The skill runs commands that can read/write local files (state files, screenshots, extracted text); review any scripts you run and where they write output. (5) Autonomous invocation is allowed by default (agent can invoke the skill), which is normal, but if you plan to allow the agent to act on private accounts, review access controls and restrict use to short-lived/test credentials where possible.
Latest Release
v0.1.0
Initial release of agent-browser: Powerful command-line browser automation. - Automates website navigation, form filling, testing, screenshots, and data extraction. - Extensive command set for browser control, interactive element referencing, state checks, and data capture. - Supports semantic locators (find by role, label, text, etc.) for robust automation. - Provides tools for video recordings, PDF creation, network interception, tab/window management, storage/cookie handling, and more. - Includes options for session isolation, headless/headed mode, and structured JSON output.
More by @tekkenKK
Published by @tekkenKK on ClawHub
