Riddle Review
Audited by ClawScan on May 10, 2026.
Overview
Riddle is a coherent hosted-browser integration, but it should be reviewed carefully because it enables broad remote browser automation with session credentials and network capture through an external plugin.
Install only if you trust Riddle and have reviewed the external plugin. Prefer non-sensitive/test accounts, avoid passing real session cookies unless necessary, do not capture HAR on sensitive sites by default, monitor usage costs, and require explicit confirmation before any authenticated action that changes data or submits information.
Findings (5)
This is an artifact-based, informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1
If enabled on sensitive sites, an agent could navigate, click, fill forms, or submit actions through a hosted browser in ways that affect user accounts or third-party services.
These tools expose broad automation and an escape-hatch API rather than only scoped screenshot operations, and the artifact does not define confirmation requirements or limits for high-impact actions.
Evidence (SKILL.md excerpt):
> **`riddle_script`** — Run full Playwright code for complex automation. ... **`riddle_run`** — Low-level API pass-through for custom payloads.
Recommendation: Use only for trusted tasks and require explicit user confirmation before submissions, purchases, account changes, or other authenticated actions.
Finding 2
Session cookies, headers, or localStorage values could let the hosted browser act as the user on logged-in services.
The skill asks for a provider API key and supports passing session material for authenticated sites, which is high-impact delegated authority.
Evidence (SKILL.md excerpt):
> Set your API key ... "YOUR_RIDDLE_API_KEY" ... Need to interact with a page behind login? Pass cookies, localStorage, or custom headers
Recommendation: Avoid sharing real production session credentials unless necessary; prefer test accounts, short-lived credentials, and least-privilege access.
Finding 3
Sensitive page contents or network data from authenticated browsing could be processed by the external service.
The provider-side browser can receive sensitive page state, screenshots, and full network traces; the artifact does not specify retention, filtering, or redaction boundaries.
Evidence (SKILL.md excerpt):
> All execution happens on Riddle's servers ... Add `include: ["har"]` to also capture full network traffic.
Recommendation: Do not enable HAR capture on sensitive sites unless required, and review the provider's privacy, retention, and security documentation before use.
Finding 4
Runtime behavior depends on code outside the reviewed SKILL.md artifact.
The skill relies on an external npm/OpenClaw plugin, and the install command does not pin a package version in the documentation.
Evidence (SKILL.md install command):
> `openclaw plugins install @riddledc/openclaw-riddledc`
Recommendation: Inspect the npm package, source repository, checksums, and signatures before installing, and consider pinning a known-good version.
Finding 5
Users may over-trust the integration if they do not independently verify the plugin code and manifest.
These are strong security assurances, but the reviewed artifacts contain only documentation rather than the referenced plugin manifest or implementation.
Evidence (SKILL.md excerpt):
> Network: Only talks to `api.riddledc.com` — hardcoded allowlist enforced at runtime ... The plugin cannot read your conversations, memory, or other plugins' data
Recommendation: Treat the claims as claims to verify in the installed package, not as proof from this SKILL.md alone.
