ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Abby Browser

v1.0.0

基于 OpenClaw 的浏览器工具,支持自然语言控制网页打开、截图、点击、输入、表单填写、数据提取和页面操作。

0· 554·3 current·3 all-time
by@earnabitmore365
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name/description state it wraps the OpenClaw browser for actions like open, click, screenshot and extract — the included scripts invoke the 'openclaw browser' CLI exactly as expected. Minor mismatch: registry metadata lists no required binaries while both SKILL.md and the scripts require the 'openclaw' CLI and a Chrome/Chromium browser; that should be declared but is not malicious.
Instruction Scope
SKILL.md and the scripts instruct only to run OpenClaw browser commands and to operate on web pages. The scripts do execute arbitrary page JS via evaluate and return page content (expected for a browser skill). The SKILL.md claims confirmation, logging, and not auto-executing dangerous operations, but the provided scripts do not implement explicit user confirmation or logging — this documentation/implementation gap is a behavioral mismatch to be aware of.
Install Mechanism
No install spec or external downloads; the skill is instruction + local Python scripts that invoke an existing CLI. No remote code fetch, archive extraction, or third-party package installs are present in the package.
Credentials
The package requires no environment variables or credentials. It expects the local 'openclaw' CLI and a browser to be present (declared in SKILL.md). There are no requests for unrelated secrets or system credentials in code or docs.
Persistence & Privilege
always:false and no modifications to other skills or system-wide settings. The skill does not request permanent platform privileges; autonomous invocation is allowed by default but not excessive here. No self-enabling or config changes detected.
Assessment
This skill is a straightforward wrapper around the OpenClaw browser CLI and appears to do what it says. Before installing, verify you trust the source (homepage is missing and source is 'unknown'), and confirm you have the official openclaw CLI and Chrome/Chromium installed. Be aware: the scripts can execute page JavaScript and return page contents (normal for a browser tool), so do not allow use on pages containing sensitive data unless you trust the agent's actions. Also note the SKILL.md promises confirmation/logging but the shipped scripts do not implement explicit user confirmation or persistent logs — if you need those safety guarantees, ask the author for implementation or avoid using the skill for destructive or sensitive tasks.

Like a lobster shell, security has layers — review code before you run it.

latestvk972600g1wrhc9sx17saqxd3cn81krf3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments