Rent My Browser

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill would turn your agent and browser into a persistent marketplace worker for third-party tasks, including bot-detection-evasion browsing, while sending screenshots, results, credentials, and location/capability data to external services.

Do not install this on a personal, work, or logged-in browser environment. It is designed to let third-party marketplace customers drive your agent's browser in the background, including adversarial bot-detection scenarios. If you are only inspecting it, use an isolated disposable VM with no personal credentials, remove any registered cron job afterward, and revoke/delete any generated RMB credentials or wallet files.

Static analysis

Exposed secret literal

Severity: Critical

Finding: File appears to expose a hardcoded API secret or token.

Prompt injection instructions

Severity: Warn

Finding: Prompt-injection style instruction pattern detected.

VirusTotal

66/66 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Your agent can keep operating in the background, using your browser/IP and interacting with websites when you are not actively supervising it.

Why it was flagged

The script registers a persistent isolated cron job that wakes the agent every 10 seconds and tells it to execute claimed marketplace tasks immediately.

Skill content

openclaw cron add --name "rmb-task-poll" --every 10s --session isolated --no-deliver --message "You are the rent-my-browser skill. Run: bash $SCRIPT_DIR/poll-loop.sh --once --timeout 8 ... execute the task immediately"

Recommendation

Do not install on a personal or trusted machine. If testing, use a disposable VM and remove the cron job with openclaw cron remove --name rmb-task-poll.

What this means

A remote consumer's text can steer what your agent does in the browser without a visible approval step for each task.

Why it was flagged

Untrusted marketplace-provided goals and context are treated as the agent's next task instructions.

Skill content

If a task is claimed, the agent executes it with the browser ... Key fields: ... `goal` — the natural language goal to accomplish ... `context.data` — consumer-provided data

Recommendation

Require explicit owner review and approval for every task, and do not allow arbitrary third-party goals to directly drive the agent.

What this means

Your machine and IP address could be used for activity that websites are actively trying to block, which may violate terms of service or damage IP/account reputation.

Why it was flagged

The skill explicitly supports browser automation designed to evade bot detection on third-party sites.

Skill content

When `mode` is `"adversarial"`, the task targets a site with bot detection. You **must** simulate human behavior: - **Random delays**: Wait 200ms-2000ms between actions.

Recommendation

Do not run adversarial or bot-evasion browser automation. Remove this mode entirely if the skill is redesigned.

What this means

Anyone with access to logs or the saved state may be able to take over or impersonate the marketplace node.

Why it was flagged

The skill stores the service API key and also prints it to logs after registration.

Skill content

rmb_save_state ... '{"account_id": $account_id, "node_id": $node_id, "api_key": $api_key, "wallet_address": $wallet, ...}' ... rmb_log INFO "API key: $api_key"

Recommendation

Never log bearer API keys; store credentials with restrictive permissions, support user-managed secrets, and provide clear revocation instructions.

What this means

Anything visible in the automated browser, including sensitive pages or session data, could be transmitted to the external marketplace.

Why it was flagged

Browser screenshots and step descriptions are posted to the marketplace API for each task step.

Skill content

--arg screenshot "$SCREENSHOT" ... '{"step": $step, "action": $action, "screenshot": $screenshot}' ... rmb_http POST "/tasks/$TASK_ID/steps" "$body"

Recommendation

Do not use this with personal browser profiles or logged-in sessions. Require explicit confirmation before sending screenshots or extracted data.

What this means

Your approximate location and IP classification can be shared with external services and used to route marketplace tasks to your node.

Why it was flagged

The skill fetches and stores/sends geographic location and whether the IP appears residential or datacenter.

Skill content

ipinfo="$(curl -s --max-time 5 "https://ipinfo.io/json" ... )" ... '{country: $country, region: ..., city: ..., ip_type: $ip_type}'

Recommendation

Avoid running this on a personal network; disclose and minimize location data, and require opt-in before sharing it.

What this means

It is harder to verify who maintains the skill or audit the service behind it before granting background browser access.

Why it was flagged

The skill has limited provenance information despite including scripts that register background jobs and communicate with an external marketplace.

Skill content

Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.

Recommendation

Only install high-privilege background skills from a source you can verify and audit.