Grok Browser
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill's purpose is clear, but it asks the agent to control your normal Chrome session through a browser relay, which can use existing logins and browser state.
Review this skill carefully before installing. If you use it, run it only with a dedicated Chrome profile for Grok, verify the Browser Relay extension and attach script, avoid leaving secrets on the clipboard, and confirm each browser action is targeting grok.com.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may act through your live browser session and existing account login while interacting with Grok.
The skill directs the agent to use the user's normal Chrome profile rather than an isolated profile, which may carry existing Grok or other browser login/session state.
- Chrome with Browser Relay extension - Use `profile=chrome` (never `profile=clawd`)
Use a dedicated Chrome profile for Grok with only the needed account signed in, and do not use this skill with a browser profile that contains unrelated sensitive sessions.
A malformed prompt or wrong target tab could lead the agent to execute unintended browser-page script or interact with the wrong browser content.
The workflow uses raw JavaScript evaluation in the browser and tells the agent to insert the query into code; without explicit escaping and target checks, this is a broad automation path in a real Chrome profile.
Use JavaScript evaluate ... `editor.innerText = 'YOUR_QUERY_HERE'`
Prefer safer text-entry actions when possible; if JavaScript evaluation is necessary, escape query text safely and confirm the target tab is exactly grok.com before acting.
You must separately trust and verify the Browser Relay extension and local attach script before the skill can work safely.
The skill depends on a browser extension and a hard-coded local helper script that are not included in the reviewed artifact set.
Chrome with Browser Relay extension ... `/Users/eason/clawd/scripts/attach-browser-relay.sh`
Check the Browser Relay extension source and permissions, verify the attach script path and contents, and avoid running unknown local helper scripts.