ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

openclaw-browser-extension-clicker

v1.0.0

自动点击浏览器扩展图标(如 OpenClaw Browser Relay)。 使用系统级 GUI 自动化,绕过浏览器安全限制。 当需要操作浏览器工具栏、扩展图标、系统菜单时使用。

0· 267·0 current·0 all-time
by@binbinhihi
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (automatically click browser extension icons) matches the implementation: a Python script using pyautogui/Pillow to screenshot, template-match, and click coordinates. Required binaries (python3, pip) and Python packages are proportionate to this purpose.
Instruction Scope
Instructions and the script legitimately read screen pixels, take screenshots, perform template matching, and simulate mouse clicks. This is necessary for the stated goal, but screenshots can capture sensitive on-screen data and the script will simulate real user clicks — test with --dry-run and review outputs before running live.
Install Mechanism
No arbitrary download/install spec is present; dependencies are installed via pip (pyautogui, Pillow), which is expected for GUI automation. No remote URLs or extracted archives are used.
Credentials
The skill requests no environment variables or credentials and the code does not access unrelated system configuration. It does require OS-level screen access permissions on macOS, which is appropriate for its function.
Persistence & Privilege
The skill is user-invocable, not always-enabled, and does not modify other skills or system-wide settings. Autonomous invocation is allowed by default but not requested as always: true.
Assessment
This skill appears internally consistent for automating clicks on browser-extension icons, but it controls your mouse and captures screenshots of your screen. Before installing or running it: (1) review the click_extension.py source and any template images locally; (2) run with --dry-run and --screenshot first to confirm coordinates; (3) do not grant screen-recording permissions unless you trust the code; (4) be aware that automated clicks can trigger actions in your browser (possibly sensitive), so use in a controlled environment and avoid running against accounts or workflows you care about without testing.

Like a lobster shell, security has layers — review code before you run it.

latestvk974y954j8t8yhftq18jtw5krx82tc54

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🖱️ Clawdis
Binspython3, pip

Comments