Browser Automation V2

Pass

Audited by VirusTotal on May 12, 2026.

Findings (1)

The skill bundle is highly suspicious due to multiple shell injection vulnerabilities across all JavaScript files. The core `browser-manager.v2.js` module uses `child_process.exec` to run `openclaw browser` commands, directly interpolating user-controlled inputs (such as URLs, search keywords, and form field values) into shell command strings without sufficient sanitization. This allows an attacker to inject arbitrary shell commands, leading to potential remote code execution. While the stated purpose of browser automation is benign, the lack of input sanitization creates a critical vulnerability that could be exploited for malicious purposes.