Safety Report

Agent Browser Core

Name: Agent Browser Core
Rating: 5 (14 reviews)
Author: codedao12

OpenClaw skill for the agent-browser CLI (Rust-based with Node.js fallback) enabling AI-friendly web automation with snapshots, refs, and structured commands.

5,059Downloads

22Installs

14Stars

2Versions

Workflow Automation3,323 CLI & Shell Tools1,805 Browser Automation1,737 Legal & Compliance738

Security Analysis

high confidence

Clean0.04 risk

The skill's instructions, required inputs, and safety guidance align with its stated purpose of providing playbooks for the agent-browser CLI and do not request disproportionate access or hidden behaviors.

Feb 11, 20266 files1 concern

Purpose & Capabilityok

The name and description match the SKILL.md and reference docs: they describe CLI-driven web automation, snapshot/refs workflows, and a Node.js fallback. Required binaries, env vars, and config paths are none — consistent with an instruction-only playbook that expects the user to install the agent-browser CLI separately.

Instruction Scopeok

Runtime instructions focus on using the CLI (open, snapshot, refs, state save/load, safety checklists). They explicitly call out high-risk commands (eval, file access, network routing) and require explicit approval before use. The instructions do not direct reading unrelated system files, nor do they instruct exfiltration or posting data to unexpected endpoints.

Install Mechanismnote

This is an instruction-only skill with no install spec or code files. The docs recommend installing agent-browser via npm and running agent-browser install (which may download Chromium/Playwright runtimes) — a normal, expected workflow for a CLI. Because install actions are external to the skill, users should follow supply-chain hygiene (pin versions, install in a dedicated environment).

Credentialsok

The skill requests no environment variables, credentials, or config paths. It acknowledges that state files and tokens are sensitive and recommends treating them as secrets; nothing in the skill asks for unrelated or excessive credentials.

Persistence & Privilegeok

The skill is not always-enabled and does not request elevated platform privileges or permanent presence. It does not attempt to modify other skills or system-wide agent settings; its guidance recommends ephemeral sessions and avoiding persistent profiles.

Guidance

This skill appears to be a coherent, safety-conscious playbook for using the agent-browser CLI. Before using it: (1) pin the CLI version and install in an isolated container or dedicated environment, (2) do not grant or approve high-risk actions (eval, --allow-file-access, custom --executable-path, network routing, state writes) without human review, (3) treat state files and tokens as secrets and rotate them, and (4) block localhost/private-network targets unless explicitly required. If you need greater assurance, request the upstream source/homepage or a signed release for the agent-browser binary before installing.

Latest Release

v1.0.1

- Added comprehensive safety guidelines in a new `agent-browser-safety.md` reference file. - Updated orientation and documentation links to include safety and high-risk operation controls. - Introduced "Safe mode defaults" section to the main documentation, outlining recommended restrictions for secure automation. - Revised supporting references to clarify safe usage practices.

More by @codedao12

15 stars

Auto Shorts Repurposer

5 stars

Facebook

4 stars

Messenger

4 stars

Google Sheets API

4 stars

Twilio

3 stars

Published by @codedao12 on ClawHub