Skill v1.0.0

ClawScan security

Agent Browser · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 10, 2026, 3:59 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requests and instructions are consistent with a browser-automation helper; it doesn't ask for extra credentials or install software, but it can execute scripts in pages and will persist screenshots/data to the workspace, so use with care.
Guidance
This skill appears to do what it says (browser automation) and doesn't request extra credentials or installs. Before using it: (1) Be careful when asking it to log into sites — any credentials you provide or session data could be captured in screenshots, saved files, or by scripts run on pages. (2) Expect outputs to be stored under /workspace/data/browser/ — clear or encrypt that data if it contains sensitive info. (3) If you run the agent on a remote/cloud machine, assume the agent can access the web from that environment. (4) Avoid instructing execution of untrusted JavaScript via browser_evaluate on pages that contain secrets (cookies, tokens). If you want more assurance, request the skill's implementer/source, or run tests on non-sensitive sites first.

Review Dimensions

Purpose & Capability
ok
Name/description (browser automation: open pages, screenshot, fill forms, scrape) match the SKILL.md instructions which reference built-in browser operations (browser_open, browser_click, browser_evaluate, etc.). There are no unexpected binaries, env vars, or external services required.
Instruction Scope
note
Instructions stay within browser automation. They permit executing arbitrary page scripts via browser_evaluate and performing logins/periodic monitoring — this is expected for automation but grants the agent the ability to interact with and extract page data (including potentially sensitive data exposed in pages or cookies). SKILL.md does not instruct reading unrelated system files or env vars.
Install Mechanism
ok
Instruction-only skill with no install spec and no code files — lowest install risk. It expects OpenClaw's built-in browser facility to be available.
Credentials
ok
No environment variables, credentials, or config paths are requested. The skill mentions '登录认证' (login) as a capability but does not require or capture credentials itself — credentials would be provided at runtime by the user. This is proportionate, but be aware runtime actions may handle secrets you supply.
Persistence & Privilege
note
The skill writes outputs to workspace paths (/workspace/data/browser/...), so screenshots, recordings, and scraped data will be persisted. It does not request always:true or system-wide privileges, nor does it modify other skills.