Back to skill
Skillv1.0.0
VirusTotal security
My Browser Agent · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:40 AM
- Hash
- e99bc129bf338ab204c7de5208b6bba409829a50e8bb66e254ef67216e1e8d10
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: my-browser-agent Version: 1.0.0 The skill implements browser automation using Playwright, which involves high-risk capabilities such as arbitrary network access and filesystem writes (saving screenshots to /tmp/screenshot.png). While the code in index.js aligns with the stated purpose in SKILL.md, it lacks input validation for the 'url' parameter, potentially allowing the agent to access sensitive local files (file://) or internal network resources (SSRF). Furthermore, the package.json and package-lock.json files specify a non-existent version of the playwright dependency (1.58.2), which is an anomalous configuration.
- External report
- View on VirusTotal