Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
browser-cdp
v1.0.0
Real Chrome browser automation via CDP Proxy — access pages with full user login state, bypass anti-bot detection, perform interactive operations (click/fill...
⭐ 2· 188·10 current·10 all-time
by Jialin (@0xcjl)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's code and SKILL.md match the declared purpose: it implements a local CDP→HTTP proxy to drive a Chrome instance (cookies, interactive ops, screenshots). However, the registry metadata lists no required binaries, while the instructions and code require Node.js 22+ and a locally launched Chrome started with --remote-debugging-port. The metadata should be corrected to declare those runtime requirements.
Instruction Scope
The runtime instructions and the included cdp-proxy.mjs explicitly read browser state (DevToolsActivePort discovery), attach to browser pages, execute arbitrary JS in pages (an eval endpoint) and can save screenshots to local file paths. That behaviour is necessary for the stated tasks (reading login-gated content, interacting with pages), but it gives the skill full access to every site the user's Chrome profile is logged into, and it lets any HTTP client that can reach the proxy trigger arbitrary page JS via eval. This is high-sensitivity access: run it only on machines and profiles you trust, and make sure the local HTTP endpoints are not reachable from untrusted networks.
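The "DevToolsActivePort discovery" mentioned above refers to a file Chrome writes into its --user-data-dir while --remote-debugging-port is active: the first line is the debugging port, the second the browser target path (/devtools/browser/<id>). The parser below is an added example written for this review, not code from cdp-proxy.mjs; the helper names, the sample file contents and the UUID in it are constructed. It shows what the skill reads and, as a practitioner would want, refuses a tampered or stale file rather than following whatever target path it contains.

```javascript
// Added example (not the skill's code): parse Chrome's DevToolsActivePort file
// and build the browser-level CDP WebSocket URL a proxy would attach to.
// File format written by Chrome:
//   <port>\n/devtools/browser/<uuid>\n
// No module imports are used so the snippet runs under CommonJS or ESM.

function parseDevToolsActivePort(contents) {
  const lines = String(contents)
    .split(/\r?\n/)
    .map((l) => l.trim())
    .filter(Boolean);
  // Chrome may briefly leave the file empty during startup; treat that as
  // "not ready" instead of attaching to a bogus endpoint.
  if (lines.length < 2) {
    throw new Error("DevToolsActivePort: expected <port> and <browser path> lines");
  }
  const port = Number.parseInt(lines[0], 10);
  if (!Number.isInteger(port) || port < 1 || port > 65535) {
    throw new Error(`DevToolsActivePort: invalid port ${JSON.stringify(lines[0])}`);
  }
  const browserPath = lines[1];
  // Only accept a browser-target path; a tampered file must not be able to
  // steer the proxy to an arbitrary path on the debugging port.
  if (!/^\/devtools\/browser\/[A-Za-z0-9-]+$/.test(browserPath)) {
    throw new Error(`DevToolsActivePort: unexpected target path ${JSON.stringify(browserPath)}`);
  }
  return {
    port,
    browserPath,
    // Always loopback: Chrome's debugging port is expected on 127.0.0.1 only.
    wsUrl: `ws://127.0.0.1:${port}${browserPath}`,
  };
}

// Hypothetical helper: location of the file for a given --user-data-dir.
// In a real proxy you would fs.readFileSync() this path.
function devToolsActivePortPath(userDataDir) {
  return `${String(userDataDir).replace(/[\\/]+$/, "")}/DevToolsActivePort`;
}

// Constructed sample, shaped like Chrome's output (the UUID is made up).
const SAMPLE_DEVTOOLS_ACTIVE_PORT =
  "9222\n/devtools/browser/3f7c2a9e-1b4d-4c6e-9a8f-0e5d7c1b2a3f\n";

console.log(devToolsActivePortPath("/tmp/cdp-profile/"));
console.log(JSON.stringify(parseDevToolsActivePort(SAMPLE_DEVTOOLS_ACTIVE_PORT)));
```

Note that anything able to read the profile directory can read this file and attach to the same Chrome, which is another reason to keep the automation profile separate from the everyday one.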
Install Mechanism
No install spec or remote downloads are present; the skill is instruction-first with a bundled JS script. That lowers supply-chain risk. The script uses only core Node APIs (with optional fallback to the 'ws' module).
Credentials
The skill declares no required env variables, and the code only optionally reads CDP_PROXY_PORT. However the practical requirement to access the user's Chrome profile (cookies/sessions) is implicit and very sensitive. Requesting access to the browser's debugging port and profile data is proportional to the feature (login-gated automation) but is privacy-critical — treat it like granting access to all logged-in accounts in that browser profile.
Persistence & Privilege
The skill does not request always:true and appears to run only when invoked. It writes and references files under a per-skill directory (~/.openclaw/skills/browser-cdp/references), which is expected. One implementation detail to verify: the server listens on the configured port, but the code sample does not force binding to localhost; if it binds to all interfaces (0.0.0.0 or ::, which is Node's default when no host is passed to listen()) it would expose the proxy, including the eval endpoint, to the LAN. Confirm the server binding is restricted to 127.0.0.1.
What to consider before installing
This skill does what it says: it attaches to your local Chrome to access pages with your cookies and perform clicks, eval and screenshots. That capability is powerful but sensitive. Before installing:
1) Run it only on trusted machines, and use a dedicated Chrome profile (SKILL.md already recommends a separate --user-data-dir) so the proxy cannot reach the sessions in your everyday profile.
2) Use Node.js 22+ as documented.
3) Confirm the proxy binds only to localhost (127.0.0.1, not 0.0.0.0 or ::) so other hosts cannot reach the HTTP API.
4) Be aware that any use of this skill can read content you are logged into (email, social media, paywalled sites) and can execute arbitrary JS in those pages; limit its use and the agent's permissions accordingly.
5) The registry metadata should be updated to list the Node and Chrome requirements. If you need stronger guarantees, review the full cdp-proxy.mjs for additional network paths that could exfiltrate page content, and consider running the proxy inside a confined environment or container.
Like a lobster shell, security has layers — review code before you run it.
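The two checks the review keeps returning to, binding only to loopback and not letting an arbitrary HTTP client reach the eval endpoint, look like this in Node. This is an added example written for this page, not code from cdp-proxy.mjs: CDP_PROXY_PORT is the variable the scan says the script reads, but the default port, the option and function names, the bearer-token scheme and the sample requests are all assumptions. It also goes one step past the checklist: a loopback bind alone does not stop a web page open in the same browser from POSTing to http://127.0.0.1:<port>/eval, so the gate requires a token that such a page cannot know.

```javascript
// Added example (not the skill's code): loopback-only bind plus a per-request
// gate for a local CDP→HTTP proxy. No module imports, so it runs under
// CommonJS or ESM.

// Hypothetical default when CDP_PROXY_PORT is unset.
const DEFAULT_PROXY_PORT = 9223;

// The weak setting (Node binds every interface when host is "0.0.0.0", "::"
// or omitted) beside the hardened one.
const WEAK_LISTEN = { host: "0.0.0.0", port: DEFAULT_PROXY_PORT };
const HARDENED_LISTEN = { host: "127.0.0.1", port: DEFAULT_PROXY_PORT };

function isLoopbackAddress(addr) {
  if (typeof addr !== "string") return false;
  // A dual-stack socket reports IPv4 clients as "::ffff:127.0.0.1".
  const v4 = addr.startsWith("::ffff:") ? addr.slice(7) : addr;
  if (/^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(v4)) return true;
  return addr === "::1";
}

// A listen target is safe only if it names a loopback host explicitly.
function isSafeListenTarget(opts) {
  return Boolean(opts) && isLoopbackAddress(opts.host);
}

// Build listen options from the environment, always forcing host=127.0.0.1.
function resolveListenOptions(env) {
  const raw = env.CDP_PROXY_PORT;
  const port = raw === undefined ? DEFAULT_PROXY_PORT : Number.parseInt(raw, 10);
  if (!Number.isInteger(port) || port < 1 || port > 65535) {
    throw new Error(`CDP_PROXY_PORT must be 1-65535, got ${JSON.stringify(raw)}`);
  }
  return { host: "127.0.0.1", port };
}

// Length-independent comparison so the token check does not leak via timing.
// crypto.timingSafeEqual does the same; it is avoided here only to keep the
// block free of module imports.
function constantTimeEqual(a, b) {
  const x = Buffer.from(String(a));
  const y = Buffer.from(String(b));
  let diff = x.length ^ y.length;
  for (let i = 0; i < Math.max(x.length, y.length); i++) {
    diff |= (x[i] ?? 0) ^ (y[i] ?? 0);
  }
  return diff === 0;
}

// Per-request gate. `req` is shaped like http.IncomingMessage
// (req.socket.remoteAddress, req.headers.authorization). The loopback check is
// defence in depth if the bind is ever widened; the token is what stops a
// page in the browser from driving /eval, since it can reach loopback but
// cannot read the token.
function authorizeRequest(req, expectedToken) {
  const remote = req && req.socket ? req.socket.remoteAddress : undefined;
  if (!isLoopbackAddress(remote)) {
    return { ok: false, status: 403, reason: `non-loopback client ${remote}` };
  }
  const header = (req && req.headers && req.headers.authorization) || "";
  const m = /^Bearer\s+(\S+)$/.exec(header);
  if (!m || !constantTimeEqual(m[1], expectedToken)) {
    return { ok: false, status: 401, reason: "missing or wrong token" };
  }
  return { ok: true, status: 200, reason: "ok" };
}

// Constructed sample requests (not captured traffic). In real use generate the
// token randomly at startup and hand it only to the agent process.
const SAMPLE_TOKEN = "example-token-generate-a-random-one";
const SAMPLE_REQUESTS = {
  localWithToken: { socket: { remoteAddress: "::ffff:127.0.0.1" },
                    headers: { authorization: `Bearer ${SAMPLE_TOKEN}` } },
  lanWithToken:   { socket: { remoteAddress: "192.168.1.20" },
                    headers: { authorization: `Bearer ${SAMPLE_TOKEN}` } },
  localNoToken:   { socket: { remoteAddress: "127.0.0.1" }, headers: {} },
};

console.log("weak bind safe?", isSafeListenTarget(WEAK_LISTEN));         // false
console.log("hardened bind safe?", isSafeListenTarget(HARDENED_LISTEN)); // true
for (const [name, req] of Object.entries(SAMPLE_REQUESTS)) {
  console.log(name, authorizeRequest(req, SAMPLE_TOKEN));
}
```

To verify the bind of a running proxy rather than trusting the source, list listening sockets with `ss -ltnp` on Linux or `lsof -nP -iTCP -sTCP:LISTEN` on macOS: a line showing `0.0.0.0:<port>`, `*:<port>` or `[::]:<port>` means the API is reachable from the network, while `127.0.0.1:<port>` is what you want.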
latest · vk971860hdfdxcawamvehtb9mc983hrcx
