Abby Browser
Review
Audited by ClawScan on May 10, 2026.
Overview
Abby Browser mostly matches its browser-control purpose, but it deserves review because it grants broad page-control powers and one helper turns a caller-supplied selector into executable browser JavaScript.
Install only if you want the agent to control a browser. Supervise it on logged-in, payment, admin, or publishing pages, and ask the author to escape selector inputs and make confirmation/logging enforceable rather than just documented.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A crafted selector can make the browser run attacker-chosen JavaScript in the active page, with that page's origin and session: reading page data, changing forms, navigating, or triggering actions well beyond the intended text extraction.
The selector argument is interpolated into a JavaScript string literal without escaping and the result is executed through the browser evaluate command; a double quote in the selector closes the literal and whatever follows runs as code.

```python
js = f'document.querySelector("{selector}").innerText'
cmd = ['openclaw', 'browser', 'evaluate', '--fn', js]
```

Escape the selector with JSON encoding (a JSON string literal is also a valid JavaScript string literal) or avoid raw evaluate for selectors altogether, and require explicit confirmation for any evaluate-based action.
On a logged-in site the agent can submit forms or change account state, either because the user approves too readily or because the agent is permitted to act without asking.
The wrapper can fill fields and optionally submit forms in the active browser session. This matches the browser-control purpose, but it is high-impact on account, payment, publishing, or admin pages, where a submitted form is a purchase, a post, a deletion, or a settings change.

```python
cmd = ['openclaw', 'browser', 'fill', '--fields', fields_json]
if submit:
    cmd.append('--submit')
```

Use this skill only with close supervision on sensitive sites, and require explicit user approval before form submission, purchases, posts, deletes, or account changes.
Users may over-trust the skill to prevent or record dangerous browser actions when those controls are not clearly enforced by the artifacts.
The skill makes safety assurances about confirmation and logging, but the provided scripts are immediate wrappers around browser commands and do not show an explicit approval or operation-log implementation.
SKILL.md excerpt (translated from Chinese):

```markdown
## Security considerations
- ❌ Does not automatically perform dangerous operations
- ✅ Confirms before execution
- ✅ Records an operation log
```
Make confirmation and logging requirements explicit in executable code or platform configuration, and clarify which actions require approval.
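As an added example serving this finding and the form-submission finding above (my code, not the skill's and not part of the ClawScan report), the wrapper below makes the documented promises enforceable in code rather than in prose. The subcommand shapes `snapshot`, `fill --fields [--submit]` and `evaluate --fn` are the ones the page's snippets show; the policy table, the approval callback, the JSON Lines log format and the helper names are assumptions.

```python
import json
import subprocess
import time
from typing import Callable, Sequence

# Subcommands that only return page content. Anything not listed here is
# treated as state-changing (fail closed). Constructed policy for this example.
READ_ONLY = {'snapshot'}


class ApprovalDenied(Exception):
    """Raised, before anything runs, when a gated command is not approved."""


def requires_approval(cmd: Sequence[str]) -> bool:
    """Classify an `openclaw browser ...` argv.

    `snapshot` is read-only, `fill` needs approval only when it carries
    --submit, `evaluate` (arbitrary page JavaScript) and every unknown
    subcommand or non-browser argv always need it.
    """
    cmd = list(cmd)
    if len(cmd) < 3 or cmd[:2] != ['openclaw', 'browser']:
        return True
    sub = cmd[2]
    if sub in READ_ONLY:
        return False
    if sub == 'fill':
        return '--submit' in cmd[3:]
    return True


def run_browser_command(cmd: Sequence[str],
                        approve: Callable[[list], bool],
                        log: Callable[[dict], None],
                        runner=subprocess.run) -> subprocess.CompletedProcess:
    """Gate, log and run one browser command.

    `approve` is the user's explicit yes/no. It is consulted only for commands
    that requires_approval() flags, and a False answer raises before the command
    executes. Every decision, denials included, goes to `log`, so a later review
    shows what was attempted and not only what succeeded.
    """
    cmd = list(cmd)
    needs = requires_approval(cmd)
    approved = approve(cmd) if needs else None
    entry = {'ts': time.time(), 'cmd': cmd,
             'needs_approval': needs, 'approved': approved}
    if needs and not approved:
        entry['outcome'] = 'denied'
        log(entry)
        raise ApprovalDenied(' '.join(cmd))
    result = runner(cmd, capture_output=True, text=True)
    entry['outcome'] = 'ran'
    entry['returncode'] = result.returncode
    log(entry)
    return result


def file_logger(path: str) -> Callable[[dict], None]:
    """Append-only JSON Lines sink for real use (one JSON object per line)."""
    def write(entry: dict) -> None:
        with open(path, 'a', encoding='utf-8') as fh:
            fh.write(json.dumps(entry) + '\n')
    return write


def demo() -> list:
    """Exercise the gate offline with a fake runner, an in-memory log and an
    approver that refuses form submission (all constructed). Returns the log."""
    log = []
    fake = lambda cmd, **kw: subprocess.CompletedProcess(cmd, 0, stdout='ok', stderr='')
    refuse_submit = lambda cmd: '--submit' not in cmd
    fields = json.dumps({'#email': 'user@example.com'})   # constructed form data
    run_browser_command(['openclaw', 'browser', 'snapshot'], refuse_submit, log.append, fake)
    run_browser_command(['openclaw', 'browser', 'fill', '--fields', fields], refuse_submit, log.append, fake)
    run_browser_command(['openclaw', 'browser', 'evaluate', '--fn', 'document.title'], refuse_submit, log.append, fake)
    try:
        run_browser_command(['openclaw', 'browser', 'fill', '--fields', fields, '--submit'], refuse_submit, log.append, fake)
    except ApprovalDenied:
        pass
    return log


if __name__ == '__main__':
    for entry in demo():
        print(json.dumps(entry))
```

The point of routing every call through one function is that the approval and the log line cannot be skipped by a code path that builds argv directly; in a real deployment `approve` would be the platform's user prompt and `log` would be `file_logger(...)` pointed at an append-only location.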
Sensitive information visible in the browser may be exposed to the agent, and malicious webpage text could influence later agent behavior if trusted.
Page snapshot output is returned directly into the agent context. That is purpose-aligned for extraction, but the content can carry private page data and untrusted webpage text, which becomes a prompt-injection path if the agent reads it as instructions.

```python
cmd = ['openclaw', 'browser', 'snapshot']
...
'content': result.stdout
```
Avoid snapshots on private pages unless needed, and treat extracted webpage text as untrusted content rather than instructions.
Users have less provenance information and may not know all local prerequisites before use.
The registry provides limited provenance and no install/dependency contract, while SKILL.md states dependencies on OpenClaw browser and Chrome/Chromium.
Source: unknown
Homepage: none
...
Install specifications: No install spec — this is an instruction-only skill.
Publish a source/homepage link and declare the OpenClaw browser and Chrome/Chromium requirements in metadata.
