Back to skill
Skillv1.0.0
VirusTotal security
Abby Browser · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:18 AM
- Hash
- 87f2e6566fefcf62a8ad834b98ddf570921c88623951cfd22c77cc5995f6f616
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: abby-browser Version: 1.0.0 The skill is classified as suspicious due to a critical JavaScript injection vulnerability found in `scripts/extract.py`. The `extract_text` function directly embeds the `selector` argument, taken from `sys.argv`, into a JavaScript string executed via `openclaw browser evaluate --fn`. This lack of input sanitization allows an attacker to inject arbitrary JavaScript code into the browser context, potentially leading to data exfiltration (e.g., cookies, local storage, page content) or other client-side attacks. While there is no clear evidence of intentional malicious behavior by the skill developer, this vulnerability presents a significant security risk.
- External report
- View on VirusTotal