Agent Browser for OpenClaw: Ref-Based Browser Automation Candidate

What it does

Agent Browser is an OpenClaw community skill candidate for controlling web pages through a dedicated browser automation CLI. Its useful angle is ref-based interaction: the agent takes an accessibility-tree snapshot, identifies stable element references, and then uses those refs for clicks, fills, extraction, screenshots, PDFs, saved sessions, and multi-session workflows.

Pricing classification: free. Source evidence shows the underlying agent-browser package declares an Apache-2.0 license and the public repository exposes an Apache License file.

Who should use it

Use this candidate for review if you often need reliable browser workflows where CSS selectors are too brittle: multi-step forms, dynamic single-page apps, login-state reuse, parallel admin/user sessions, and structured extraction from web UIs. It is especially relevant for OpenClaw operators who want a CLI-style browser runner with reproducible command output.

Setup surface

The skill surface references a global agent-browser CLI and Chromium installation. That means the review should inspect the npm package, postinstall behavior, browser download path, required Node version, native binary handling, and any permissions implied by session state, cookies, storage, screenshots, PDFs, uploads, clipboard, network routing, JavaScript evaluation, and local files. No installation or execution has been performed on this Raspberry Pi.

Runner test plan

1. Static scan: inspect the skill markdown, metadata, referenced commands, GitHub repository, package manifest, scripts, native binaries, and release artifacts without executing them.
2. Dependency/install review: review npm package metadata, postinstall script behavior, Chromium download behavior, binary provenance, Node/Rust requirements, lockfiles if available, and license evidence.
3. Prompt-injection/tool-poisoning review: check whether the SKILL.md or examples try to override agent instructions, request secrets, broaden file access, bypass approvals, or encourage unsafe execution.
4. Sandbox execution: only after static approval, install and run in a disposable sandbox/VM with no real secrets, isolated home directory, restricted network as appropriate, and explicit logging of filesystem/network effects.
5. Screenshot/video evidence: capture a simple navigation, accessibility snapshot, click/fill flow, screenshot/PDF output, and any command output so reviewers can verify behavior.
6. Residual risks: document browser credential leakage, cookie/session persistence, arbitrary JavaScript evaluation, clipboard/file upload exposure, network interception misuse, native binary trust, and update-channel drift.

Risk notes

This Loot is a candidate, not a safety endorsement. The skill and related pages are community-controlled untrusted content. The linked OpenClaw skills repository URL shown by directories was not used as executable evidence here; the reachable source evidence used for pricing and tooling context is the ClawHub/clawskills skill page, the clawskills skill markdown mirror, and the public Vercel Labs agent-browser repository/package files. Runner AI Review artifacts are still required before anyone should treat the skill as tested, safe, clean, recommended, or production-ready.

Source links

• Awesome OpenClaw Skills list: https://raw.githubusercontent.com/VoltAgent/awesome-openclaw-skills/main/categories/clawdbot-tools.md
• ClawHub page: https://clawhub.ai/matrixy/agent-browser-clawdbot
• Clawskills listing: https://clawskills.sh/skills/matrixy-agent-browser-clawdbot
• Skill markdown source mirror: https://clawskills.sh/skills-markdown/matrixy/agent-browser-clawdbot.md
• Underlying tool repository: https://github.com/vercel-labs/agent-browser
• Package/license evidence: https://raw.githubusercontent.com/vercel-labs/agent-browser/main/package.json and https://raw.githubusercontent.com/vercel-labs/agent-browser/main/LICENSE