ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Awublack Openclaw Agent Browser

v1.1.0

这是 openclaw-agent-browser 的官方、安全、本地化实现,由用户 awublack 维护。它调用你本地安装的 agent-browser CLI,安全地访问网页,提取标题和内容,并返回结构化摘要,让 AI 助手能理解并总结网页信息。 **使用场景**: (1) 用户要求:“帮我查看一下我的技能...

0· 41·0 current·0 all-time
by@awublack
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the implementation: the skill calls a local agent-browser CLI, extracts title/content, and outputs JSON. It requests no unrelated credentials or services and requires the local agent-browser CLI and Node.js as documented.
!
Instruction Scope
SKILL.md instructs the agent to run run_browser.js which in turn builds a shell command by interpolating the user-provided URL into a single string passed to child_process.exec. That allows shell/command injection if the URL contains shell metacharacters. Also the file begins with triple quotes ("""), which is invalid JavaScript and will cause a parse/runtime error — an incoherence between the claimed working script and the actual runnable code.
Install Mechanism
No install spec is present (instruction-only). The README and SKILL.md correctly state you must npm install -g agent-browser and have Node.js; nothing is downloaded or executed by the skill itself. This is low-risk from an installer perspective.
Credentials
The skill declares no environment variables or credentials and the instructions do not require any secrets. That is proportionate to the stated purpose.
Persistence & Privilege
The skill does not request always:true and does not attempt to modify other skills or system-wide settings. It is user-invocable and can be called autonomously by the agent (default), which is normal.
What to consider before installing
This skill appears to do what it says (call a local agent-browser CLI and return JSON), but do NOT install/run it without addressing two issues: (1) The run_browser.js file begins with triple quotes which will break Node.js — the script as included will likely fail to run. (2) The script constructs a shell command by interpolating the URL directly into exec(...) which allows command injection if a malicious URL or attacker-controlled input is passed. Recommended actions before using: manually inspect the run_browser.js file, remove the invalid triple-quoted header, and replace exec(...) with a safer invocation (child_process.execFile or spawn with an args array) or properly sanitize/validate and escape the URL. Also verify you trust the npm agent-browser package (audit its source), and consider restricting allowed domains or validating URLs to prevent the agent from fetching internal networks or sensitive endpoints. If you cannot or do not want to edit the code, treat this skill as untrusted and do not install it in agents with access to sensitive systems.
run_browser.js:28
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ahg7w2r4c119m1e67n0gt5h84pnxq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments