ZeroToken - Record once, automate forever
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent instruction-only browser automation skill, but users should understand it can guide an agent to automate logged-in web actions and replay stored scripts on a schedule.
Install only if you intentionally want ZeroToken-powered browser automation and scheduled replay. Review the ZeroToken package/source, keep the MCP service bound to localhost, avoid recording sensitive secrets into reusable scripts, and be careful when allowing scheduled jobs to act on logged-in accounts.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may be able to perform actions on websites in the user's browser context, including actions on logged-in accounts if the user directs it there.
The skill instructs use of broad browser-control tools that can interact with websites, read page contents, capture screenshots, and extract data. This is central to the skill's purpose, but users should understand the breadth of browser authority.
browser_click, browser_input, browser_get_text, browser_get_html, browser_screenshot, browser_extract_data
Use this only with trusted tasks and sites, and review any automation before letting it perform sensitive account, financial, posting, or administrative actions.
If used on logged-in services, the automation can act as the user and may expose or misuse sensitive account access if given the wrong task.
The skill explicitly contemplates entering usernames and passwords through browser automation. That is purpose-aligned for browser tasks, but it means the agent may operate with the user's web-account privileges.
browser_input ... enter usernames, passwords, search keywords, etc. into input fields
Avoid giving credentials unless necessary, prefer limited-scope accounts when possible, and do not use scheduled replay for sensitive workflows without review.
Installing external packages adds supply-chain trust in ZeroToken, Playwright, and the installer source.
Although the registry has no install spec, the skill provides user-directed commands to install external packages and browser dependencies. This is expected for integrating ZeroToken MCP, but the packages are not pinned in the provided instructions.
pip install zerotoken ... playwright install chromium ... mcporter install zerotoken --target openclaw --configure
Install from trusted sources, verify the ZeroToken project/package before use, and consider pinning versions in controlled environments.
Previously recorded browser actions may persist and be replayed later, potentially including sensitive workflow details.
The skill stores trajectories, scripts, sessions, and bindings in a persistent SQLite database for later reuse. This is part of the intended replay design, but stored automation state can become stale, sensitive, or incorrectly reused if not managed.
Scripts, trajectories, and sessions are all stored by the MCP backend in a SQLite database
Periodically review and delete old trajectories/scripts, and avoid recording secrets or sensitive one-off decisions into reusable scripts.
Scheduled browser actions may run later without the same level of live review as manual execution.
The skill describes a long-running local MCP service and scheduled one-step script replay. This is disclosed and aligned with recurring browser automation, but it means automation can continue outside a single interactive chat.
Manually start the HTTP service (kept running in the background) ... run_script_by_job_id: one-step execution for scheduled jobs
Only bind scripts to scheduled jobs intentionally, keep the MCP service local, and disable or delete scheduled jobs/scripts when they are no longer needed.
