Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
BrowserOS CLI
v1.0.0
Use when a task requires interacting with a website beyond just reading it — clicking elements, filling forms, submitting data, navigating through multi-step...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
The name and description (browser automation: clicking, filling forms, screenshots, bookmarks/history) match the CLI commands and examples in SKILL.md and references/cli-commands.md. However, the registry metadata claims no required env vars or config paths while the command reference documents environment variables (BROWSEROS_URL, BOS_JSON, BOS_DEBUG) and auto-detection from local config files (~/.browseros/server.json, ~/.config/browseros-cli/config.yaml). This is a minor inconsistency but explainable: the skill itself does not demand credentials, yet the CLI can use local config or env vars if present.
Instruction Scope
The SKILL.md stays within browser automation scope (open, snap, click, fill, upload, download, history/bookmark commands). It does allow potentially sensitive actions that are normal for a browser CLI: file upload, downloading files to disk, reading/saving screenshots, running page JS via eval, and manipulating browser history/bookmarks. The document warns against eval and recommends read-only first, which helps, but the instructions give the agent broad discretion (e.g., upload <file>, history delete) that could access or modify local data if the operator or agent provides files or config paths.
Install Mechanism
There is no formal install spec in the registry (instruction-only), but SKILL.md instructs installing via npm (npm install -g browseros-cli) and running browseros-cli install which downloads the BrowserOS app. Installing a third-party npm package and downloading a native app are normal for a CLI, but they do introduce the usual risks of fetching and running remote code. The SKILL.md points to plausible project pages (browseros.com, GitHub) rather than obscure URLs, reducing concern but you should verify the package origin before running npm -g.
Credentials
The skill metadata lists no required env vars or primary credential, which aligns with an instruction-only skill. The command reference, however, documents optional env vars (BROWSEROS_URL, BOS_JSON, BOS_DEBUG) and config-file auto-detection paths. Those are reasonable for a CLI, but if present they could cause the CLI to read local configuration or server URLs (and potentially credentials) from disk or environment. In short: the skill itself doesn't demand secrets, but the underlying CLI can use local env/config — verify those before use.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform persistence. It is user-invocable and allows autonomous invocation (the platform default). It does not attempt to modify other skills or system-wide agent settings in the provided instructions.
Assessment
This SKILL.md is an instruction-only adapter for the browseros-cli tool — it looks coherent for browser automation. Before you install or let an agent use it:
1) Verify the npm package and BrowserOS download sources (follow the provided GitHub/browseros.com links) to ensure you're installing the official binaries.
2) Be aware the CLI can upload local files, download files, run page JS (eval), and read/write browser history/bookmarks — avoid giving the agent secrets or private files to upload.
3) Check for existing ~/.browseros or ~/.config/browseros-cli config files and BROWSEROS_URL/BOS_* env vars; these may contain server URLs or tokens the CLI will use.
4) Prefer running the CLI in a controlled environment (sandbox/container) if the pages you automate or files you handle are sensitive.
If you want a stricter audit trail, review the browseros-cli project source on GitHub before installing.
Like a lobster shell, security has layers — review code before you run it.
