browser-read-x
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: browser-read-x Version: 1.0.0 The skill is a specialized web scraper designed to extract clean text content from X (Twitter) posts and articles. The provided JavaScript (extract.js) performs DOM manipulation to remove UI noise (sidebars, ads, login prompts) and converts the main content into a markdown-like format, returning it to the agent without any evidence of data exfiltration, malicious execution, or prompt injection.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can run this extractor on the currently open page and read the page's visible content.
The skill intentionally runs bundled JavaScript in the active browser page. This is disclosed and purpose-aligned for extracting page content, but users should understand that code executes in the page context.
Run `browser act` with `kind="evaluate"` and pass the contents of `skills/browser-read-x/extract.js` as `fn`.
Invoke it only on pages whose visible content you are comfortable sharing with the agent, and keep the skill source trusted and reviewed.
Private or protected X/Twitter content that is open in the browser could be returned to the agent as extracted text.
The skill is designed to work on pages that may be accessible because the user is already authenticated in the browser. It does not request credentials, but it can extract content visible through the user's current browser access.
`web_fetch` is noisy or blocked (auth-required/public X/X-protected pages).
Do not run it on private, protected, or sensitive pages unless you want that content included in the agent conversation.