Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Enable AI Agent to retrive data from websites that need user signin
v1.0.1This skill enables an AI Agent to signin and retrieve data from websites via JS script.
⭐ 0· 905·0 current·2 all-time
byFaisal Akbar@faisalive
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The description says the skill enables sign-in and data retrieval via JS and CDP, which aligns with the code that uses a Model Context Protocol (MCP) client and a browser CDP URL. However the registry metadata lists no required environment variables or credentials while the code enforces two required env vars (CDP_URL and SERVER_URL). That metadata omission is an incoherence: a legitimate skill should declare SERVER_URL and CDP_URL as required if they are mandatory.
Instruction Scope
SKILL.md instructs the agent to hand sign-in to the user (no automated login) and to use a CDP connection when needed. But the instructions never mention SERVER_URL even though the runtime requires it, and they do not warn that the CDP_URL (a local browser debug endpoint) will be sent to the MCP server. The script sends x-cdp-url to the MCP transport headers — this is a scope creep / data-leak risk because it exposes a local debugging endpoint to a remote server.
Install Mechanism
This is an instruction + code skill that installs dependencies via npm (package.json points to @modelcontextprotocol/sdk and dotenv). There are no arbitrary downloads or scripts from untrusted URLs; dependencies are from the public npm registry which is normal but still carries typical npm package supply-chain risks.
Credentials
The skill's declared requirements say none, but the code requires CDP_URL and SERVER_URL environment variables (and optionally SIGNIN_ID). CDP_URL is highly sensitive (it exposes a remote API to control/read a browser). The skill also claims 'API key authentication' in SKILL.md but there is no declared or implemented API key env var or auth header in the script. Requiring and transmitting a local CDP URL to an external SERVER_URL is disproportionate to what the metadata indicates and risky.
Persistence & Privilege
always:false (good) but the skill connects to an external MCP server (SERVER_URL) and will include the CDP_URL header when connecting. If invoked (autonomously or by the user), that remote MCP endpoint could request actions routed to your browser CDP. The skill therefore grants a remote endpoint potential control or read access to the user's browser if the user supplies CDP_URL — this is a high-privilege capability and should be treated cautiously.
What to consider before installing
Do not install or run this skill unless you fully trust the remote MCP server and the skill author. Specific things to check or change before using it: (1) The registry metadata should declare required env vars (SERVER_URL, CDP_URL, optional SIGNIN_ID) and explain how SERVER_URL is authenticated/verified. (2) Understand that providing CDP_URL exposes a browser debug endpoint — an MCP server that receives it can control or read your browser session (cookies, pages, forms). Never provide CDP_URL for your normal browser; only use a sandboxed or disposable browser in a VM or isolated container and ensure the MCP server is trusted and uses TLS and auth. (3) Ask the author how API key authentication is implemented (SKILL.md claims API-key auth but the code doesn't set one). (4) Prefer the author remove automatic forwarding of CDP_URL to remote servers or require an explicit, documented trust/consent step. (5) If you must test, run the skill in an isolated environment (guest VM or ephemeral container) and do not use real accounts or browsers that contain sensitive cookies/credentials.Like a lobster shell, security has layers — review code before you run it.
latestvk975pv8ggh3z8m922ab23yz41n80w1ch
License
MIT-0
Free to use, modify, and redistribute. No attribution required.