Claude Chrome
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: claude-chrome
Version: 1.0.0
The skill instructs the AI agent to execute the `claude` binary with the `--dangerously-skip-permissions` flag, which is explicitly stated to "auto-approve all actions." While presented as necessary for automation, this flag grants broad, unchecked capabilities to the `claude` tool. This significantly increases the risk of a subsequent malicious prompt to the agent being able to perform unauthorized actions (e.g., data exfiltration, arbitrary browser interaction, or local file access) without user intervention, even though the skill itself does not contain explicit malicious instructions or IOCs. This risky capability is highlighted multiple times in SKILL.md.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could click, navigate, submit forms, or perform other browser actions without stopping for confirmation.
The skill instructs use of a permission-bypass flag as the standard workflow for browser automation, removing per-action approval for a tool that can interact with web pages.
`--dangerously-skip-permissions` — auto-approve all actions (required for automation); `Always use --dangerously-skip-permissions for automated runs`
Use this only for narrow, trusted tasks. Prefer a dedicated browser profile or test account, and avoid auto-approval for sensitive sites or actions that can post, purchase, change settings, or submit data.
If Chrome is signed in to websites, the automation may act within those web sessions or read page content available to that browser context.
The skill relies on delegated Chrome extension permissions and gives Claude Code broad browser interaction authority, but does not define domain, profile, account, or action boundaries.
Claude Code gains browser tools — it can navigate pages, click elements, fill forms, read content, and more. ... Domain permissions ... may require user approval for new domains
Grant domain permissions deliberately, use a separate Chrome profile with minimal logins, and avoid running this against accounts or pages where unintended clicks or form submissions would matter.
A browser task may keep operating after the user thinks it failed or timed out.
The skill normalizes browser automation continuing after an apparent command error or timeout, without clear stop, kill, or monitoring instructions.
Commands will error immediately but continue running in the background. Results arrive via system messages when complete. ... Be aggressive with timeouts - commands complete in background even after gateway timeout
Add explicit process monitoring and cancellation steps, avoid long-running background browser sessions, and confirm completion before starting sensitive follow-up tasks.
The safety of the workflow depends on the separately installed Claude Code CLI and Chrome extension, which were not reviewed here.
The skill itself is instruction-only and depends on an external Claude Code binary, while the registry metadata does not provide a source or homepage for provenance review.
Source: unknown; Homepage: none; Required binaries (at least one): claude
Install Claude Code and its Chrome extension only from trusted official sources and keep them updated.
