Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Browse

v1.0.0

Browser automation CLI for AI agents. Use when the user needs to interact with websites, including navigating pages, filling forms, clicking buttons, taking...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
The SKILL.md documents a full-featured 'browse' CLI (daemon, Playwright wrapper, session state, uploads, traces, webhooks, auth-state handling). Yet the skill declares no required binaries, no install steps, and no primary credential. Either the agent environment must already have a compatible 'browse' binary (not documented), or the skill is missing an install declaration — this mismatch is unexpected for a tool of this complexity.
! Instruction Scope
The command list in the instructions includes operations that access local files (upload, auth-state save/load, trace out <path>), run arbitrary JS in page context (eval/page-eval), and send data to external endpoints (flow/healthcheck --webhook <url>). The SKILL.md also suggests using 'login --env <name>' and persisting cookies/auth tokens — these are broad actions beyond a simple read-only browser. The doc gives the agent freedom to read/write files and to POST results to arbitrary webhooks, which is high scope for an instruction-only skill without declared constraints.
Install Mechanism
There is no install specification (instruction-only). That is lowest install risk, but unusual here: the skill assumes a specific CLI 'browse' and a persistent daemon on a Unix socket. The absence of an install step or source URL means there's no guarantee the binary is present or trustworthy; if present, its provenance is unknown.
! Credentials
The skill declares no required environment variables, yet the runtime docs explicitly reference env-based login (login --env <name>) and persistent auth-state (cookies/localStorage/auth tokens). Commands like upload <file> and webhooks allow exfiltration of local files and session data. Declaring zero env/config access is not proportional to the documented features and obscures what credentials might be used or exposed.
Persistence & Privilege
always:false and normal autonomous invocation are fine. The SKILL.md describes a persistent daemon and session state (cookies, localStorage, tokens), which could allow long-lived authenticated sessions. While the skill does not request platform-wide privileges, autonomous invocation combined with the described file/network capabilities increases blast radius if enabled — consider this when granting the skill use.
What to consider before installing
This skill's documentation describes a powerful browser automation CLI that can read/write files, persist session cookies, run arbitrary in-page JS, and send data to webhooks — but the package declares no binary, no install instructions, and no required environment variables. Before installing or enabling:
- Ask the publisher: where does the 'browse' binary come from? Request a verified homepage or install instructions and a trusted release URL (GitHub release or official project domain).
- Do not enable this skill in environments with sensitive credentials until you confirm its provenance. The tool can persist and access cookies/tokens and can upload files or post to arbitrary webhooks.
- If you must test it, run the agent in an isolated sandbox or dedicated VM with restricted network access and no sensitive files or creds mounted.
- Require the skill to document exactly what 'login --env <name>' expects and list any env names it will read, and to limit or whitelist webhook targets if possible.
- Prefer a skill that includes an explicit, auditable install spec (signed release or known package) and minimal declared environment access. If those are not provided, treat the skill as untrusted.

Like a lobster shell, security has layers — review code before you run it.

latestvk9775b94hk1c550f3y72gv8jkn83ppqv
