Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Persistent Browser Scraper
v1.0.0
Uses a Playwright persistent context (main-identity) to scrape sites that require a logged-in session (YouTube, GitHub, HuggingFace, Reddit, Kaggle, X/Twitter). Triggered automatically when the user asks for an external web search or names one of these sites.
⭐ 0 · 154 · 0 current · 0 all-time
by @ckncg
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The stated purpose (scraping sites that require a login through a persistent Playwright context) is consistent with the use of launch_persistent_context. However, SKILL.md hard-codes a specific user_data_dir (/home/kncao/.openclaw/browser-profiles/main-identity) and instructs the agent to manipulate files inside it. The skill metadata declares no required config paths or credentials, so the instructions demand access beyond what is declared and beyond what a scraper minimally needs.
Instruction Scope
The runtime instructions explicitly tell the agent to read and write a local browser profile and to rm -f its SingletonLock before each run. That is file-system access to, and modification of, another profile on disk, one that may hold cookies, sessions and credentials. The instructions also require running Playwright headful with extra Chromium args (including --no-sandbox and anti-detection flags), which widens runtime privilege and adds evasion behaviour. These actions go well beyond fetching pages: they touch sensitive local data and include a destructive operation.
Install Mechanism
The skill is instruction-only (no install spec), which limits installation-time risk. However, SKILL.md assumes that Playwright and a browser are available without declaring the required binaries or packages. The missing dependency declarations are an incoherence: the skill will fail or behave unpredictably unless Playwright and a matching browser are already installed.
Credentials
No environment variables or credentials are requested, yet the skill asks to use a persistent browser profile that very likely contains cookies, tokens and session state. Access to that profile is disproportionate to the stated task and privacy-sensitive. The skill gives no guidance on using a dedicated, sandboxed profile or on obtaining explicit user consent before touching such data.
Persistence & Privilege
The skill is not marked always:true, but disable-model-invocation is false (the default), so the agent may invoke the skill on its own whenever a web-search intent matches the trigger. Autonomous invocation combined with the ability to read and modify a logged-in local browser profile increases the blast radius and the privacy risk if the skill runs without explicit user confirmation.
What to consider before installing
This skill instructs the agent to open and modify a hard-coded local browser profile (including deleting its lock file) in order to scrape logged-in content. That profile can contain cookies, sessions and other sensitive data. Before installing:
(1) Do not install unless you fully trust the skill author and understand why the skill needs your browser profile.
(2) Prefer a design that uses explicit API tokens, or a dedicated, sandboxed browser profile, rather than your main identity.
(3) Require the skill to declare its dependencies (Playwright, browser) and the config path it will use, and change that path to a profile you control.
(4) Avoid running untrusted code with --no-sandbox or in headful mode.
(5) If you test it, run it inside an isolated VM or container with a throwaway profile and monitor its file access.
(6) Consider disabling autonomous invocation so the skill runs only with explicit user approval.
Like a lobster shell, security has layers — review code before you run it.
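As an added example (not part of the skill or of the scan report), the Python below turns the points above into a reviewable audit of a launch_persistent_context configuration and shows the dedicated-profile alternative the report recommends. The flagged configuration is constructed from the findings described on this page; the name of the anti-detection flag, the /var/lib/openclaw profile root, and all function names are assumptions.

```python
"""Audit the launch settings a browser-scraping skill asks for, and build a
safer alternative for Playwright's launch_persistent_context.

Constructed example. FLAGGED_CONFIG is assembled from what the scan report
describes (hard-coded profile under /home/kncao, --no-sandbox, headful launch,
rm -f of SingletonLock); the anti-detection flag name and the hardened profile
root are assumptions, not taken from the skill."""
from dataclasses import dataclass
from pathlib import PurePosixPath

# Chromium flags that widen privilege or hide automation from the target site.
RISKY_ARGS = {
    "--no-sandbox": "disables the Chromium renderer sandbox",
    "--disable-setuid-sandbox": "disables the setuid sandbox helper",
    # Assumed example of an "anti-detection" flag; the report does not name one.
    "--disable-blink-features=AutomationControlled": "hides navigator.webdriver (anti-detection)",
}


@dataclass(frozen=True)
class Finding:
    code: str
    severity: str
    message: str


def audit_launch_config(user_data_dir: str, args: list[str], headless: bool,
                        pre_run_commands: list[str], declared_paths: list[str]) -> list[Finding]:
    """Return the problems a reviewer would raise against a persistent-context launch."""
    findings: list[Finding] = []
    profile = PurePosixPath(user_data_dir)

    # A profile hard-wired to a path under someone's home directory is the main
    # issue in the report: it points at a real identity, not a skill-owned dir.
    if profile.is_absolute() and len(profile.parts) > 2 and profile.parts[1] == "home":
        findings.append(Finding("hardcoded-home-path", "high",
                                f"profile path is hard-coded under a user's home: {user_data_dir}"))

    # Undeclared file-system access: the skill metadata must list the profile path.
    if user_data_dir not in declared_paths:
        findings.append(Finding("undeclared-path", "high",
                                "profile path is used but not declared in the skill metadata"))

    for arg in args:
        if arg in RISKY_ARGS:
            findings.append(Finding("risky-arg", "medium", f"{arg}: {RISKY_ARGS[arg]}"))

    if not headless:
        findings.append(Finding("headful", "low",
                                "headful launch needs a display and enlarges the attack surface"))

    # Deleting Chromium's SingletonLock is a destructive write into the profile.
    for cmd in pre_run_commands:
        if cmd.lstrip().startswith("rm ") and "SingletonLock" in cmd:
            findings.append(Finding("lock-removal", "medium",
                                    f"pre-run command deletes the profile lock: {cmd}"))
    return findings


def hardened_launch_options(profile_root: str, skill_name: str) -> dict:
    """kwargs for launch_persistent_context that use a dedicated, skill-owned profile.

    profile_root is assumed to be a directory the operator controls that is not a
    personal browser profile; no sandbox-disabling or evasion flags are passed.
    """
    return {
        "user_data_dir": str(PurePosixPath(profile_root) / skill_name),
        "headless": True,
        "args": [],
        "accept_downloads": False,
    }


# Constructed from the scan report; not copied from the skill's SKILL.md.
FLAGGED_CONFIG = {
    "user_data_dir": "/home/kncao/.openclaw/browser-profiles/main-identity",
    "args": ["--no-sandbox", "--disable-blink-features=AutomationControlled"],
    "headless": False,
    "pre_run_commands": ["rm -f /home/kncao/.openclaw/browser-profiles/main-identity/SingletonLock"],
    "declared_paths": [],
}

# Assumed operator-controlled profile root; one sub-directory per skill.
HARDENED = hardened_launch_options("/var/lib/openclaw/browser-profiles", "persistent-browser-scraper")


def audit_flagged() -> list[str]:
    """Finding codes for the configuration the report describes."""
    return [f.code for f in audit_launch_config(**FLAGGED_CONFIG)]


def audit_hardened() -> list[str]:
    """Finding codes for the dedicated-profile alternative (expected: none)."""
    return [f.code for f in audit_launch_config(
        HARDENED["user_data_dir"], HARDENED["args"], HARDENED["headless"],
        pre_run_commands=[], declared_paths=[HARDENED["user_data_dir"]])]
```

To use the hardened options with Playwright itself, pass them straight through: `p.chromium.launch_persistent_context(**HARDENED)` inside a `sync_playwright()` block. Because the profile directory belongs to this skill alone, no other Chromium instance holds its SingletonLock, so the pre-run `rm -f` the skill asks for becomes unnecessary rather than merely forbidden.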
latest vk97bfkve77465p65jdf956na6h83aq10
