Skill v1.0.0

ClawScan security

Abby Browser · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 21, 2026, 9:39 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is a thin wrapper around the OpenClaw browser CLI and its scripts are consistent with that purpose; nothing in the package requests unrelated credentials or installs unusual software, though there are a few small documentation vs implementation mismatches you should note before use.
Guidance
This skill is a straightforward wrapper around the OpenClaw browser CLI and appears to do what it says. Before installing, verify you trust the source (homepage is missing and source is 'unknown'), and confirm you have the official openclaw CLI and Chrome/Chromium installed. Be aware: the scripts can execute page JavaScript and return page contents (normal for a browser tool), so do not allow use on pages containing sensitive data unless you trust the agent's actions. Also note the SKILL.md promises confirmation/logging but the shipped scripts do not implement explicit user confirmation or persistent logs — if you need those safety guarantees, ask the author for implementation or avoid using the skill for destructive or sensitive tasks.

Review Dimensions

Purpose & Capability
note: The skill's name/description state it wraps the OpenClaw browser for actions like open, click, screenshot and extract — the included scripts invoke the 'openclaw browser' CLI exactly as expected. Minor mismatch: registry metadata lists no required binaries while both SKILL.md and the scripts require the 'openclaw' CLI and a Chrome/Chromium browser; that should be declared but is not malicious.
Instruction Scope
note: SKILL.md and the scripts instruct only to run OpenClaw browser commands and to operate on web pages. The scripts do execute arbitrary page JS via evaluate and return page content (expected for a browser skill). The SKILL.md claims confirmation, logging, and not auto-executing dangerous operations, but the provided scripts do not implement explicit user confirmation or logging — this documentation/implementation gap is a behavioral mismatch to be aware of.
Install Mechanism
ok: No install spec or external downloads; the skill is instruction + local Python scripts that invoke an existing CLI. No remote code fetch, archive extraction, or third-party package installs are present in the package.
Credentials
ok: The package requires no environment variables or credentials. It expects the local 'openclaw' CLI and a browser to be present (declared in SKILL.md). There are no requests for unrelated secrets or system credentials in code or docs.
Persistence & Privilege
ok: always:false and no modifications to other skills or system-wide settings. The skill does not request permanent platform privileges; autonomous invocation is allowed by default but not excessive here. No self-enabling or config changes detected.