v1.0.0

Persistent Browser Scraper

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 7:55 AM.

Analysis

This skill is coherent as a browser scraper, but it can automatically use a persistent logged-in browser profile, which may expose private account data or alter browser state.

Guidance: Only install this if you intentionally want the agent to use that specific logged-in browser profile. Prefer creating a separate low-privilege scraping profile, require explicit approval before each logged-in scrape, avoid using it for generic web searches, and remove unsafe defaults such as automatic SingletonLock deletion and --no-sandbox where possible.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
SKILL.md
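Trigger conditions

- The user asks to "search the external web" or "look it up"
- ...
- Any content scraping that requires a logged-in session to access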

The skill allows broad automatic invocation of authenticated browser scraping for casual search-style prompts, without requiring a separate confirmation step.

User impact: A generic request to search the web could cause the agent to browse with logged-in accounts and bring private or account-personalized data into the conversation.
Recommendation: Do not auto-use the authenticated browser for generic searches; require explicit per-use consent, domain selection, and a clear statement of what data will be retrieved.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
"--no-sandbox", "--disable-blink-features=AutomationControlled", "--disable-infobars"

The browser is instructed to run without Chromium's sandbox and with automation indicators reduced while visiting external sites using a persistent profile.

User impact: Malicious web content may have less browser containment, and the automation may be less visible to the user or to websites.
Recommendation: Keep the browser sandbox enabled where possible, avoid automation-evasion flags unless the user explicitly accepts them, and run scraping in an isolated profile or container.

Cascading Failures
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
Delete SingletonLock before every scrape:
rm -f /home/kncao/.openclaw/browser-profiles/main-identity/SingletonLock

Deleting Chromium's profile lock before every scrape bypasses the mechanism that prevents concurrent writes to the same browser profile.

User impact: If the profile is already in use, another browser process could write to it at the same time, potentially corrupting cookies, sessions, or future browser state.
Recommendation: Do not delete the lock file automatically; instead use a separate scraping profile, ask the user to close the existing browser, or work from a read-only copy.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
SKILL.md
Use Playwright `launch_persistent_context` to read and write the `main-identity` profile... USER_DATA_DIR = '/home/kncao/.openclaw/browser-profiles/main-identity'

This directs the agent to read and write a persistent browser identity/profile that is intended for logged-in browsing and likely contains session cookies and account state.

User impact: The agent may use the user's logged-in accounts to access account-specific or private pages, not just public web content.
Recommendation: Treat the browser profile like a credential: declare it clearly, use a separate low-privilege scraping profile, restrict allowed domains, and require explicit user approval before using logged-in sessions.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium | Confidence: Medium | Status: Concern
SKILL.md
context = await p.chromium.launch_persistent_context(
            user_data_dir=USER_DATA_DIR,

A persistent browser context reuses and updates cookies, local storage, cache, and other site state across tasks, but the skill does not define retention, isolation, or reset boundaries.

User impact: Private browsing state or site-influenced state can persist into later tasks, and future scraping may be affected by data left behind by earlier pages.
Recommendation: Use task-specific or disposable profiles when possible, document what state is retained, and provide a clear way to reset or separate browsing identities.