Automates browser interactions for web testing, form filling, screenshots, and data extraction. Use when the user needs to navigate websites, interact with web pages, fill forms, take screenshots, test web applications, or extract information from web pages.
Security Analysis
high confidenceThe skill's files and instructions are consistent with a browser-automation tool: templates and docs describe navigation, snapshots, session/save/load, proxy usage and scraping patterns that match the stated purpose.
Name/description align with the included SKILL.md, reference docs, and the three bash templates — all describe browser navigation, form automation, screenshots, recordings, session persistence and proxy support which are appropriate for a browser automation tool.
Instructions and templates perform actions expected for browser automation (open, snapshot, click, state save/load, screenshot, record). They also show patterns for saving/loading session state files and using proxies. Nothing in the SKILL.md instructs the agent to read unrelated system files or to send data to unknown external endpoints, but the templates deliberately read/write local state files (e.g. ./auth-state.json, /tmp) and reference environment variables (HTTP_PROXY, HTTPS_PROXY, APP_USERNAME, APP_PASSWORD) that are not declared — these are expected for auth & proxy flows but are sensitive operations the user should review before running.
No install spec (instruction-only with template scripts) — the skill does not download or install external code. This is the lowest-risk install posture.
The skill does not require declared environment variables, but the docs and templates recommend and use common env vars (HTTP_PROXY, HTTPS_PROXY, ALL_PROXY) and suggest using APP_USERNAME/APP_PASSWORD and saving session state files. Requesting those values at run-time would be proportionate to the tasks, but they are sensitive and the skill does not declare them formally — users should avoid committing saved state files or embedding secrets in templates.
always:false and no system-wide config changes. The templates persist session state locally (session files) which is standard for reuse of authenticated sessions; nothing tries to modify other skills or global agent configuration.
Guidance
This skill appears coherent for web automation, but review and exercise caution before use: 1) Inspect the template scripts before running — they read/write local session state files (auth-state.json) that contain cookies/tokens; keep them out of source control and delete when not needed. 2) Prefer using ephemeral credentials or CI secrets when automating logins; never hardcode passwords into templates. 3) Proxy and scraping examples can be misused — ensure you comply with target site terms of service and legal/regulatory constraints. 4) If you plan to let the agent run autonomously, consider limiting what credentials or state files it can access. If you want a deeper review, provide any runtime wrapper/CLI binary for agent-browser or explain how agent-browser is installed and where it contacts on the network — that could change the assessment.
Latest Release
v0.8.6
- Added comprehensive SKILL.md usage guide with detailed command explanations and examples. - Documented workflows for browser navigation, interaction, automation, and information extraction. - Included instructions for advanced features: video recording, semantic locators, network interception, and browser settings customization. - Clarified the use of element references and alternative semantic selectors. - Outlined management of tabs, windows, frames, dialogs, cookies, storage, and global options.
More by @tekkenKK
Published by @tekkenKK on ClawHub
