Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Smooth Browser
v0.1.0
PREFERRED BROWSER - Browser for AI agents to carry out any task on the web. Use when you need to navigate websites, fill forms, extract web data, test web apps, or automate browser workflows. Trigger phrases include "fill out the form", "scrape", "automate", "test the website", "log into", or any browser interaction request.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
Name/description claim a web-browser automation capability and the SKILL.md describes exactly that (start sessions, run tasks, persist profiles). That part is coherent. However, the README assumes use of a third-party Smooth service (app.smooth.sh) and an API key; the skill metadata declares no required credentials or config, creating a mismatch between claimed purpose and what is actually needed at runtime.
Instruction Scope
The instructions direct the agent to run a third‑party CLI (smooth) which: (a) by default routes browser traffic through a built-in proxy, (b) persists profiles (cookies/session tokens) across sessions, and (c) accepts metadata and file IDs (potentially containing sensitive info). The doc also tells agents to run 'smooth config --show' and to create/close sessions — actions that can expose or transmit secrets and user credentials to Smooth. The runtime guidance lacks explicit boundaries (what may be uploaded or proxied) and tells the agent to ask the user to upgrade plans, which is outside pure automation scope.
Install Mechanism
There is no install spec in the skill bundle (lowest static install risk). The SKILL.md suggests installing 'smooth-py' via pip (a public PyPI package). Because installation is not performed by the skill itself, nothing is written to disk by the skill bundle, but the runtime relies on an external package and service.
Credentials
The skill metadata declares no required env vars or primary credential, but the instructions repeatedly assume an API key configured with 'smooth config --api-key' and instruct checking 'smooth config --show'. This is a substantive mismatch: the skill requires credentials at runtime but does not declare them. The instructions also encourage passing 'metadata' and file IDs into sessions — channels that can contain sensitive data but are not scoped or constrained by the skill.
Persistence & Privilege
The skill is not marked 'always:true', but it explicitly encourages persistent profiles that save cookies and auth tokens on the Smooth service. Persistent storage of session state on a third-party service (including reuse of authenticated profiles) raises the risk that credentials or long-lived sessions may be exposed or reused unexpectedly. Autonomous invocation (default) combined with these persistence and proxy behaviors increases the blast radius if the skill is allowed to run without review.
What to consider before installing
This skill appears to be an instruction wrapper for a third‑party browser service (Smooth) rather than a self-contained tool. Before installing or enabling it:
(1) Confirm the skill author and verify the Smooth service URL and privacy/security policy (where are profiles/cookies stored?).
(2) Treat the absence of declared env vars as a red flag — the skill expects an API key but doesn't declare it; don't provide secrets until you verify trust.
(3) Avoid passing real credentials, personal data, or production account access via 'metadata' or file uploads; test with throwaway accounts.
(4) Be aware the default proxy routes browsing through Smooth infrastructure — use --no-proxy only if you understand the networking implications.
(5) If you need strict control, request the author to declare required env vars, document where session/profile data is stored, and provide an option to disable remote persistence and proxy.
Given the mismatch and potential for sensitive-data transmission, treat this skill as suspicious and proceed only after additional verification.
Like a lobster shell, security has layers — review code before you run it.
latest vk97fthhgspe2hmssztymvw8esn80j992
