Back to skill
Skillv1.0.4
VirusTotal security
Rent My Browser · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:09 AM
- Hash
- 02191c8dea9f257b4a898fe0d5baa67742e462d8369c26514121f20359f0ca69
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: rent-my-browser Version: 1.0.4 The skill connects the agent to a third-party marketplace (api.rentmybrowser.dev) to execute arbitrary browser tasks, which is a high-risk capability involving remote control and data exfiltration (screenshots/extracted data). While the bundle includes significant defensive measures—such as a regex-based task validator (validate-task.mjs) and strict mandatory security rules in SKILL.md to prevent local file access and secret theft—the core functionality remains a major attack surface for prompt injection. It is classified as suspicious due to the inherent risk of executing untrusted external 'goals' on the host machine, even though the intent appears to be a legitimate monetization framework with active safety mitigations.
- External report
- View on VirusTotal