Grok Browser
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: grok-browser Version: 1.0.0 The skill is classified as suspicious due to the execution of a hardcoded local script (`/Users/eason/clawd/scripts/attach-browser-relay.sh`) and the use of `browser action=act` with `kind: "evaluate"` to execute arbitrary JavaScript within the browser, both detailed in `SKILL.md`. While these capabilities are arguably necessary for browser automation, they represent significant attack surfaces and high-risk behaviors if the script or browser environment is compromised, or if the agent's input is not properly sanitized, without clear malicious intent from the skill itself.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may act through your live browser session and existing account login while interacting with Grok.
The skill directs the agent to use the user's normal Chrome profile rather than an isolated profile, which may carry existing Grok or other browser login/session state.
- Chrome with Browser Relay extension - Use `profile=chrome` (never `profile=clawd`)
Use a dedicated Chrome profile for Grok with only the needed account signed in, and do not use this skill with a browser profile that contains unrelated sensitive sessions.
A malformed prompt or wrong target tab could lead the agent to execute unintended browser-page script or interact with the wrong browser content.
The workflow uses raw JavaScript evaluation in the browser and tells the agent to insert the query into code; without explicit escaping and target checks, this is a broad automation path in a real Chrome profile.
Use JavaScript evaluate ... `editor.innerText = 'YOUR_QUERY_HERE'`
Prefer safer text-entry actions when possible; if JavaScript evaluation is necessary, escape query text safely and confirm the target tab is exactly grok.com before acting.
You must separately trust and verify the Browser Relay extension and local attach script before the skill can work safely.
The skill depends on a browser extension and a hard-coded local helper script that are not included in the reviewed artifact set.
Chrome with Browser Relay extension ... `/Users/eason/clawd/scripts/attach-browser-relay.sh`
Check the Browser Relay extension source and permissions, verify the attach script path and contents, and avoid running unknown local helper scripts.