openclaw-browser-extension-clicker

ReviewAudited by ClawScan on May 10, 2026.

Overview

The skill is transparent and has no network exfiltration code, but it gives the agent system-level mouse control to bypass browser restrictions and click browser or system UI.

Install only if you intentionally need desktop-level browser-extension clicking. Grant screen/control permissions cautiously, run dry-run or screenshot checks first, keep sensitive windows closed, and require explicit approval before any real click.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Medium

#ASI02: Tool Misuse and Exploitation

What this means

If invoked at the wrong time or with the wrong coordinates, it could click the active desktop and trigger an action the user did not intend.

Why it was flagged

The skill explicitly uses OS-level GUI automation as an escape hatch around browser security boundaries and includes toolbar, extension, and system-menu surfaces rather than a scoped browser API.

Skill content

使用系统级 GUI 自动化，绕过浏览器安全限制。 当需要操作浏览器工具栏、扩展图标、系统菜单时使用。

Recommendation

Use only with explicit per-use approval, keep the intended browser window focused, test with --dry-run or --screenshot first, and avoid allowing autonomous use on unknown coordinates or system menus.

Low

#ASI04: Agentic Supply Chain Vulnerabilities

What this means

Installing unpinned dependencies can expose the environment to ordinary package supply-chain risk.

Why it was flagged

The skill depends on third-party PyPI packages for GUI automation. This is expected for the purpose, but versions are not pinned in the artifact.

Skill content

packages:
          - pyautogui
          - Pillow

Recommendation

Install dependencies from a trusted Python environment and consider pinning known-good versions.

Low

#ASI06: Memory and Context Poisoning

What this means

Private information visible on the screen could remain in a local screenshot file.

Why it was flagged

The optional screenshot mode captures the screen and writes an image file locally, which may include sensitive visible information.

Skill content

screenshot = pyautogui.screenshot()
        screenshot.save(output_path)

Recommendation

Close sensitive windows before using screenshot mode and delete generated screenshot files when no longer needed.