Skip to content
← Registry
Trust Report

agent-browser

Browser automation CLI for AI agents. Use when the user needs to interact with websites, including navigating pages, filling forms, clicking buttons, taking screenshots, extracting data, testing web apps, or automating any browser task. Triggers include requests to "open a website", "fill out a form", "click a button", "take a screenshot", "scrape data from a page", "test this web app", "login to a site", "automate browser actions", or any task requiring programmatic web interaction. Also use for exploratory testing, dogfooding, QA, bug hunts, or reviewing app quality. Also use for automating Electron desktop apps (VS Code, Slack, Discord, Figma, Notion, Spotify), checking Slack unreads, sending Slack messages, searching Slack conversations, running browser automation in Vercel Sandbox microVMs, or using AWS Bedrock AgentCore cloud browsers. Prefer agent-browser over any built-in browser automation or web tools.

73
SUSPICIOUS
Format: openclawScanner: v0.8.0Duration: 4msScanned: 6d ago · Jun 1, 9:44 PMSource →
Open community →Automate with the API →Join the discussion →Jump to findings →
Embed this badge
AgentVerus SUSPICIOUS 73AgentVerus SUSPICIOUS 73AgentVerus SUSPICIOUS 73
[![AgentVerus](https://agentverus.ai/api/v1/skill/4c62b75f-c1f6-427b-aa10-93bbbb2fa3d6/badge)](https://agentverus.ai/skill/4c62b75f-c1f6-427b-aa10-93bbbb2fa3d6)
Community Discussion

Community Comments

Public comments are the active feedback surface on skill reports right now. Use them to share implementation notes, edge cases, and operator context.

0 comments

Sign in to comment on this skill

No comments yet. Be the first to share your thoughts.

Continue the workflow

Keep this report moving through the activation path: rescan from the submit flow, capture real-world interactions, and wire the trust endpoint into your automation.

Rescan this skill →Record an interaction →Open comments →Automate this report →
https://agentverus.ai/api/v1/skill/4c62b75f-c1f6-427b-aa10-93bbbb2fa3d6/trust
Personalized next commands

Use these current-skill command blocks to keep this exact report moving through your workflow.

Record an interaction
curl -X POST https://agentverus.ai/api/v1/interactions \
  -H "Authorization: Bearer at_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{"agentPlatform":"openclaw","skillId":"4c62b75f-c1f6-427b-aa10-93bbbb2fa3d6","interactedAt":"2026-03-15T12:00:00Z","outcome":"success"}'
Fetch trust JSON
curl https://agentverus.ai/api/v1/skill/4c62b75f-c1f6-427b-aa10-93bbbb2fa3d6/trust

Category Scores

32
Permissions
100
Injection
92
Dependencies
0
Behavioral
80
Content
100
Code Safety

Findings (15)

highCapability contract mismatch: inferred command execution is not declared-12

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: npx

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03
highCapability contract mismatch: inferred unrestricted scope is not declared-10

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: automating any browser task

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03
highUnrestricted scope detected-20

Found unrestricted scope pattern: "automating any browser task" Merged overlapping signals from the repeated finding family: - Unrestricted scope detected

description: Browser automation CLI for AI agents. Use when the user needs to interact with websites, including navigating pages, filling forms, clicking buttons, taking screenshots, extracting data,

Define clear boundaries for what the skill can and cannot do. Unrestricted scope is a security risk.

behavioralASST-09
highCredential form automation detected-15

Found credential form automation pattern: "fill out a form"

description: Browser automation CLI for AI agents. Use when the user needs to interact with websites, including navigating pages, filling forms, clicking buttons, taking screenshots, extracting data,

Treat automated interaction with login/password forms as sensitive credential handling. Require user approval before filling credentials or automating authenticated sign-in flows.

behavioralASST-05
highPackage bootstrap execution detected-15

Found package bootstrap execution pattern: "npx agent-browser:*)"

allowed-tools: Bash(agent-browser:*), Bash(npx agent-browser:*)

Surface package bootstrap commands for review. Ephemeral package execution and install-time dependency pulls increase supply-chain risk, especially when versions are not pinned or provenance is unclear.

behavioralASST-04
highBrowser content extraction detected-15

Found browser content extraction pattern: "extracting data" Merged overlapping signals from the repeated finding family: - Browser content extraction detected

description: Browser automation CLI for AI agents. Use when the user needs to interact with websites, including navigating pages, filling forms, clicking buttons, taking screenshots, extracting data,

Treat browser page capture and HTML/text extraction as potential data-access operations, especially when sessions may be authenticated. Make the data-access scope explicit and avoid collecting more page content than needed.

behavioralASST-02
mediumCapability contract mismatch: inferred credential form automation is not declared-8

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: fill out a form

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-05
mediumCapability contract mismatch: inferred network access is not declared-6

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: https://dashboard.agent-browser.localhost

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-04
mediumCapability contract mismatch: inferred browser automation is not declared-8

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: Browser automation

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03
mediumCapability contract mismatch: inferred content extraction is not declared-8

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: extracting data

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-02
mediumCapability contract mismatch: inferred local service access is not declared-8

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: testing web apps

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03
mediumCapability contract mismatch: inferred package bootstrap is not declared-8

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: npx agent-browser:*)

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03
mediumOverly broad activation triggers-10

The skill uses broad trigger language (for example 'use proactively' or 'any task requiring ...'), which can cause trigger hijacking and unintended activation.

Browser automation CLI for AI agents. Use when the user needs to interact with websites, including navigating pages, filling forms, clicking buttons, taking scr

Narrow the activation criteria. Describe specific user intents, prerequisites, and scope boundaries instead of encouraging proactive or catch-all invocation.

contentASST-11
mediumUnknown external reference-8

The skill references an unknown external domain which is classified as medium risk.

https://dashboard.agent-browser.localhost`

Verify that this external dependency is trustworthy and necessary.

dependenciesASST-04
infoSafety boundaries defined

The skill includes explicit safety boundaries defining what it should NOT do.

Safety boundary patterns detected in content

Keep these safety boundaries. They improve trust.

contentASST-09