ClawMe
v1.0.0
Send instructions to user's real browser via ClawMe Chrome extension. Fill forms, tweet, email, click, extract — user sees and confirms each action in the si...
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (remote control of a Chrome extension to fill forms, click, extract, post) matches the declared requirement (CLAWME_CLIENT_TOKEN) and the SKILL.md instructions (POST to the extension backend with that token). No unrelated env vars, binaries, or install steps are requested.
Instruction Scope
The runtime instructions let the agent request actions that run in the user's real browser (fill forms, click, compose email/tweet, extract page content). The SKILL.md says the user 'sees and confirms' each action, but it's ambiguous whether multi-step workflows can be bulk-approved. Because 'extract' returns page content to the agent and actions run under the user's live sessions, this capability can exfiltrate sensitive data or perform actions on behalf of the user if the token or confirmation flow is misused.
Install Mechanism
Instruction-only skill (no install spec, no downloaded code). This minimizes installation-side risk; nothing is written to disk by the skill bundle itself.
Credentials
Only CLAWME_CLIENT_TOKEN (and optional CLAWME_BASE_URL) are required, which is proportionate to controlling an extension. However, that single token effectively authorizes sending commands to the user's extension and should be treated as highly sensitive (it grants browser-action capability and potential access to page contents and logged-in sessions).
Persistence & Privilege
The skill does not request 'always: true' or any system-wide persistence. It is user-invocable and can be invoked by the agent (normal platform default).
Scan Findings in Context
[no_regex_findings] expected: This is an instruction-only skill with no code files; the regex scanner had nothing to analyze. That is expected but means the SKILL.md is the primary security surface.
Assessment
This skill is internally consistent with its description, but it grants an agent the ability to control your real browser and read page content through the ClawMe extension. Before installing: (1) Only install the official, reviewed ClawMe extension from a trusted source; (2) Treat CLAWME_CLIENT_TOKEN as highly sensitive — do not expose it to untrusted agents or public repos; (3) Confirm how the extension enforces per-action user confirmation and whether workflows can be bulk-approved; (4) Prefer manual approval for each action that accesses sensitive pages (banking, email, developer consoles); (5) If you need stronger guarantees, avoid storing the token in shared environment variables or restrict agent autonomy when this skill is enabled.
Like a lobster shell, security has layers — review code before you run it.
latestvk97f874twcdcpwr9pbqndpmyh9822g6f
Runtime requirements
🦞 Clawdis
Env: CLAWME_CLIENT_TOKEN
Primary env: CLAWME_CLIENT_TOKEN
