Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agent Browser Skill
v1.0.0
Automate web browsing with navigation, form filling, clicking, screenshots, data extraction, and testing using Chrome via OpenClaw browser tool.
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name, description, SKILL.md, and the included script all focus on driving the OpenClaw browser tool (open, snapshot, act, etc.). There are no unrelated environment variables, binaries, or config paths requested; the requested capabilities are proportional to a browser automation helper.
Instruction Scope
SKILL.md confines runtime instructions to calling the OpenClaw browser tool and gives examples, safety guidance, and troubleshooting steps. It does not instruct reading unrelated files, harvesting environment variables, or sending data to external endpoints outside the expected browser interactions.
Install Mechanism
There is no install spec (instruction-only). However, the package includes a JavaScript wrapper (scripts/browser-automation.js) which will be written to disk when the skill is installed. The script uses child_process.exec to run CLI commands; no remote downloads or extract steps are present.
Credentials
The skill declares no required environment variables, no primary credential, and no config paths. The code does not read environment variables. This matches the described purpose.
Persistence & Privilege
always is false and model invocation is allowed (platform default). The skill does not request permanent presence or attempt to modify other skills or system-wide configs.
Assessment
This skill appears to do what it claims: it builds shell commands that call the local OpenClaw browser CLI. Before installing or enabling it, consider:
1) The included script uses child_process.exec and concatenates user-supplied values into shell commands — if the agent is ever given untrusted input that becomes an argument, a malicious string could perform command injection. Prefer running this skill only with trusted inputs or replacing exec with a safer API (spawn/execFile with arg arrays) or sanitizing inputs.
2) The skill will drive a browser and therefore can access any content the browser can — avoid visiting pages with secrets or auto-submitting sensitive forms.
3) Verify the OpenClaw browser tool/CLI on your system is the legitimate implementation you expect.
4) If you will run the skill in a shared environment, sandbox it (network / filesystem restrictions) or review and modify scripts to harden argument handling.
If you need, I can suggest concrete code changes to remove shell interpolation and use a safer child_process pattern.
Like a lobster shell, security has layers — review code before you run it.
latestvk97cnyygt1xs6c6y7exme2b8098336jd
