When you point an OpenClaw agent at the web, the web points back. Dark patterns try to hijack its decisions. Prompt injection hides in HTML comments and user-generated content. Cookie banners and engagement rails chew through tokens before the agent gets to the actual task. A new open source tool from PixieBrix is designed to sit between the browser and the model and filter all of that out before it causes trouble.
Agent Browser Shield is a Chromium MV3 extension with 30+ rules that shipped to ClawHub and the Chrome Web Store today. It showed up on Hacker News this afternoon with 6 points and a focused discussion from people already running into exactly these problems.
What It Defends Against
The extension targets three categories of threat:
Prompt injection: Hidden text, HTML comments, and user-generated content that embed instructions intended to redirect the agent away from the user's goal. The extension strips these before the model sees them.
Dark patterns: Fake urgency signals ("Only 2 left!"), pre-selected add-ons, forced continuity traps, and other manipulative UI patterns that research shows can fool reasoning models even when the model is told to ignore them. Agent Browser Shield blocks or redacts these at the DOM level.
Context pollution: Cookie banners, chat widgets, footers, sponsored content, and other page chrome that takes up tokens without contributing to the task. Stripping them makes agents faster and cheaper to run.
PII masking is also included — credentials and personal data are redacted before they reach the model.
How It Works with OpenClaw
The ClawHub skill (clawhub install agent-browser-shield) exposes install paths and a runtime behavior contract so OpenClaw agents can check whether the extension is loaded and reason about what protection level is active. This makes the integration first-class rather than a side-channel hack.
The extension works on any Chromium-based browser — Chrome, Edge, Brave, Arc, and Opera. For agent runtimes that can't load from the Web Store, the repo includes packaging scripts to produce a ZIP for the Browserbase extensions API.
Benchmark Harness Included
The repo ships a full benchmark harness (scripts/benchmark_run.py) that compares agent task success across configurations — extension on or off, different model vendors and sizes, different step budgets. Results are rendered as an HTML matrix with per-task side-by-side a11y-tree comparisons. There is also a live demo site, RiverMart, that deliberately packs every dark pattern and injection vector onto a few pages so you can see the before/after difference visually.
Licensing Note
Agent Browser Shield is source-available under PolyForm Shield 1.0.0. Personal, internal, and research use is free. The only restriction is that you cannot use it to build a competing product. A commercial license is available for that case.
Get It
- Chrome Web Store
- GitHub: pixiebrix/agent-browser-shield
- ClawHub skill:
clawhub install agent-browser-shield - Documentation
This is the kind of defensive tooling the OpenClaw ecosystem has needed for a while. Prompt injection is not a solved problem and dark patterns are designed to fool humans — agents running in the wild need active defenses, not just careful prompting.