Back to skill
Skillv1.0.0
VirusTotal security
chrome-cdp · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 6:23 AM
- Hash
- a39f7246eab0099c778473e35b216b2718f67b0a5886adac786679b8f4b6f17c
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: chrome-cdp Version: 1.0.0 The skill provides high-risk capabilities by allowing an AI agent to control and read data from a user's active Chrome session (including authenticated sites like Gmail). A critical shell injection vulnerability exists in index.js, where execSync is used to execute commands with unsanitized arguments. Additionally, the skill is incomplete and requires the user to clone an external repository (https://github.com/pasky/chrome-cdp-skill), which introduces a supply chain risk.
- External report
- View on VirusTotal