Smooth Browser

OpenClaw Agent Skill The skill bundle is classified as suspicious due to the presence of high-risk capabilities that could be exploited for data exfiltration or unauthorized actions. Specifically, the `smooth upload-file` command in `SKILL.md` allows the agent to upload arbitrary local files (e.g., `/path/to/document.pdf`) to the `smooth.sh` service. While the stated purpose is benign, this capability, combined with the agent's autonomy, creates a significant risk if the agent were to be maliciously prompted to upload sensitive files (e.g., credentials, private keys). Additionally, the `smooth evaluate-js` command allows arbitrary JavaScript execution within the browser, which could be abused.