Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Smooth Browser
v0.1.0
PREFERRED BROWSER - Browser for AI agents to carry out any task on the web. Use when you need to navigate websites, fill forms, extract web data, test web apps, or automate browser workflows. Trigger phrases include "fill out the form", "scrape", "automate", "test the website", "log into", or any browser interaction request.
⭐ 0· 1.2k·1 current·1 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
The skill claims to be a browser agent (navigating sites, filling forms, scraping). That purpose legitimately requires an external service/API and the ability to persist sessions/cookies. However, the SKILL.md explicitly instructs configuring an API key (smooth config --api-key) and points to https://app.smooth.sh, yet the skill metadata declares no required environment variables/credentials. The absence of a declared primary credential or any env var is inconsistent with the runtime instructions and registry expectations.
Instruction Scope
The runtime instructions instruct the agent to install/use an external CLI (smooth), configure an API key, create persistent profiles (cookies/session storage), run tasks that may include user credentials (metadata example), and use a default built-in proxy for sessions. These steps go beyond simply 'clicking' and involve routing user browsing through a third-party service and persisting sensitive session data. The instructions also recommend saving profile IDs and reusing authenticated profiles, which means long-lived authentication tokens/cookies could be retained and potentially transmitted to the Smooth service.
Install Mechanism
No install spec is declared in the registry (instruction-only), which lowers platform-level risk. However, SKILL.md tells users/agents to run `pip install smooth-py` and to configure an API key. That instructs fetching a third-party PyPI package and installing it locally — a non-trivial operation that downloads and executes external code. This is expected for a CLI-based integration but should have been declared in install metadata and provenance.
Credentials
The instructions clearly require an API key tied to https://app.smooth.sh and show commands to configure it, but the skill metadata lists no required environment variables or primary credential. Also, the skill encourages passing credentials/metadata into sessions (e.g., for login flows) and persisting profiles containing cookies — both of which are sensitive and not reflected in the declared requirements. The mismatch between declared and actual credential needs is problematic.
Persistence & Privilege
The skill is not always-enabled and does not request system-level configs, which is good. It does, however, instruct creating and reusing persistent profiles that save cookies and auth state; combined with autonomous invocation (the default), that persistence increases blast radius because the agent could reuse stored sessions in later runs. The file does not request modifying other skills or agent configs, so privilege escalation is not evident, but persistent session storage and third-party proxying are noteworthy.
What to consider before installing
This skill appears to be an instruction-only wrapper for the Smooth web-automation service, but there are important inconsistencies and privacy risks to consider before installing or using it:
- The SKILL.md explicitly requires a Smooth API key and suggests installing `smooth-py`, yet the registry metadata does not declare any credentials or an install step. Treat the API key requirement as real even though it's not listed.
- By default sessions are proxied through Smooth's infrastructure (the doc references a built-in proxy). That means the content of pages you visit, form data, cookies, and any credentials you give to the agent could be routed through a third party. If you have sensitive accounts, do not reuse real credentials or sessions without confirming Smooth's privacy/security policy.
- The skill encourages persistent profiles (saved cookies and sessions). Persisted session data can be reused by the agent later; avoid storing long-lived credentials in those profiles unless you fully trust the service and understand where the data is stored and who can access it.
- The SKILL.md recommends installing a PyPI package (`pip install smooth-py`). Installing packages from third-party sources carries code-execution risk; verify the package source, publisher reputation, and checksums if possible.
Recommended actions before use:
- Confirm the legitimacy of https://app.smooth.sh and the `smooth-py` package (owner, docs, privacy/security policy). Prefer vendor-supplied install metadata in the registry.
- Do not provide real account credentials during testing; use throwaway/test accounts to evaluate behavior.
- If you must use it for sensitive tasks, require an explicit declaration of the API key env var in the skill metadata and consider disabling the default proxy (--no-proxy) where possible and safe.
- If you are uncomfortable with third-party routing of browsing data, do not enable or supply credentials to this skill.
Because of the metadata/instruction mismatch and the potential for sensitive data to be routed to a third party, I rate this skill as suspicious. If you want, I can draft specific questions to ask the skill author/owner to resolve the inconsistencies (e.g., provenance of smooth-py, where session data is stored, explicit env var names, and proxy architecture).
latest: vk97b2qmyqqra67xe8nr8wcnhkd80kk1a
