Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Web Access Clawhub

v1.0.0

Universal web access skill: search, fetch, browser automation via CDP Proxy. Handles login-required sites, anti-scraping bypasses, and complex web interactions.

by Eze (@eze-is)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
Name/description claim universal web access via a CDP proxy; required binaries (node, curl) and included scripts (cdp-proxy.mjs, check-deps.sh) are consistent with that purpose. However the skill reads DevToolsActivePort and scans user Chrome profile locations (home directory) to find the debug port — a config-path / profile-file access that the registry metadata did not declare.
Instruction Scope
SKILL.md and the proxy API instruct the agent to: list all open tabs (targets), create background tabs, execute arbitrary JS in page context (/eval), navigate, capture screenshots to local files, and set local file paths into file inputs (/setFiles). Those primitives permit access to session-authenticated pages, extraction of page content, and a developer/agent-driven path to get local files uploaded to remote sites. The instructions also rely on reading files in user profile directories to discover Chrome — this file-system access is not called out in registry metadata.
Install Mechanism
There is no formal install spec (instruction-only), which is lower-risk overall, but the included scripts will be executed at runtime: check-deps.sh may auto-launch node to run cdp-proxy.mjs in background and write logs to /tmp. The code is fetched from the skill bundle (not a remote download), so install risk is moderate but presence of executable scripts means code will run on the user's machine when invoked.
Credentials
The skill requests no environment variables, but it implicitly needs access to the user's Chrome debug port and will read profile files (DevToolsActivePort) in the user's home (and LOCALAPPDATA on Windows). It exposes capabilities that touch local filesystem paths (setFiles, screenshot file path) and can operate on authenticated browser sessions — high-sensitivity access that is not reflected in the declared metadata (no required config paths listed).
Persistence & Privilege
always:false (not force-installed), but the proxy is designed to be started and kept running. Because the skill can be invoked autonomously (disable-model-invocation:false), a running proxy combined with agent autonomy increases blast radius (agent could reuse the running proxy to access browser state). This is not inherently incorrect but worth noting as a risk factor.
What to consider before installing
This skill implements a local CDP proxy that discovers and attaches to your Chrome instance and exposes powerful primitives (list open tabs, execute arbitrary JS in pages, set local file paths into file inputs, save screenshots to disk). Those abilities let the skill access authenticated pages and can be used to move local files into remote uploads or read page content that may include secrets (cookies, personal messages, dashboards). Before installing:
1) Only install if you trust the skill author and source; the registry metadata does not declare that the skill reads Chrome profile files or interacts with your local filesystem.
2) Prefer testing in a disposable Chrome profile or VM and avoid running it against a browser with sensitive, logged-in accounts.
3) Review the cdp-proxy.mjs and scripts yourself (they are bundled) and confirm you accept them starting a background Node process.
4) If you need more assurance, ask the author to explicitly declare config paths and data access in the metadata and to provide a minimal-scoped mode (read-only fetch-only mode without attaching to a real browser).

Like a lobster shell, security has layers — review code before you run it.

latest: vk975wt3s70adaq047043y62qmx83xjtw

Runtime requirements

🌐 Clawdis
Bins: node, curl
