Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Online Shopping

v1.0.0

Browse and buy products from online stores, including Cloudflare-protected sites. Use when the user asks to find, compare, or order products online. Handles...

by Filip Martinsson (@filipmartinsson)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The name and description (browse and buy on protected sites) align with the included scripts and docs: setup.sh installs xvfb, Patchright, and a browser; browse.mjs uses Patchright to navigate, extract text, take screenshots, and operate checkout forms. These requirements are proportionate to the stated goal of bypassing anti-bot detection and automating shopping flows.
Instruction Scope
SKILL.md and the scripts instruct the agent to search, extract product info, fill checkout forms, and update a local preferences file with addresses and payment-method names. This stays within the shopping scope, but it implies handling sensitive user data (addresses, payment-method names) and directs the agent to bypass anti-bot measures (via Patchright). The skill explicitly says to stop before paying, which limits risk, but filling payment and checkout forms is intrinsic to the skill and sensitive.
Install Mechanism
There is no registry install spec; instead setup.sh installs Patchright via npm, uses npx to install Chrome/Chromium and its system dependencies, and installs xvfb through the system package manager (with sudo). This is expected for a stealth browser but carries moderate system-level risk: it requires sudo, writes into OpenClaw's install path, and downloads packages from npm. No obscure URLs or archive downloads are used.
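As an added example (not code from this skill or from ClawHub), the following pre-install check reads an installer script and reports the behaviours the scan calls out: sudo, system package installs, npm/npx fetches, download-to-shell pipes, unpinned npm packages, and writes under /tmp. The embedded `SETUP_SH` is a constructed stand-in modelled on what the scan describes, not the skill's actual setup.sh; the rule set and the `needs_isolated_run` threshold are this example's own choices.

```python
import re

# Constructed sample installer, shaped like the scan's description of setup.sh.
# It is NOT the skill's real script.
SETUP_SH = """#!/usr/bin/env bash
set -euo pipefail
sudo apt-get install -y xvfb
cd "$HOME/.openclaw"
npm install patchright
npx patchright install --with-deps chromium
mkdir -p /tmp/browser-profile
"""

# (category, pattern, why it matters). Heuristic regexes, not a shell parser.
RULES = [
    ("privilege", re.compile(r"\bsudo\b"), "runs a command as root"),
    ("package-install", re.compile(r"\b(apt(-get)?|yum|dnf|brew)\s+install\b"),
     "installs system packages"),
    ("npm-install", re.compile(r"\bnpm\s+(i|install|add)\b|\bnpx\b"),
     "fetches and executes code from the npm registry"),
    # 'npm install <name>' with no @version: the installed code can change between runs.
    ("unpinned-npm", re.compile(r"\bnpm\s+(i|install|add)\s+[^@\s]+(\s|$)"),
     "npm package installed without a pinned version"),
    ("remote-exec", re.compile(r"\b(curl|wget)\b.*\|\s*(ba)?sh\b"),
     "pipes a download straight into a shell"),
    ("tmp-write", re.compile(r"(^|\s)/tmp/"), "leaves persistent artifacts in /tmp"),
]


def audit_setup_script(script: str) -> list[dict]:
    """Return one finding per (line, rule) hit, skipping blank and comment lines."""
    findings = []
    for lineno, line in enumerate(script.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        for category, pattern, why in RULES:
            if pattern.search(stripped):
                findings.append(
                    {"line": lineno, "category": category, "why": why, "text": stripped}
                )
    return findings


def needs_isolated_run(findings: list[dict]) -> bool:
    """Policy for this example: anything that escalates privilege or executes a
    download unseen should be run in a VM or container, not on the host."""
    return any(f["category"] in {"privilege", "remote-exec"} for f in findings)


if __name__ == "__main__":
    hits = audit_setup_script(SETUP_SH)
    for f in hits:
        print(f"line {f['line']:>2} [{f['category']}] {f['why']}: {f['text']}")
    print("run in isolation:", needs_isolated_run(hits))
```

Run it against the real setup.sh by replacing `SETUP_SH` with the file's contents. The regexes are deliberately coarse: they will not see commands assembled from variables or hidden behind `eval`, so a clean report is a reason to read the script, not a reason to skip reading it.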
Credentials
The skill requests no environment variables or external credentials. It does, however, expect and encourage storing the user's contact details, addresses, and payment-method names in references/preferences.md, and it may read USER.md. Access to that local data is proportionate for checkout automation, but the user should treat it as sensitive.
Persistence & Privilege
The manifest sets always:false, and the skill does not request persistent platform privileges. The installer does modify the local OpenClaw installation directory (npm install patchright) and places a persistent browser context in /tmp. Both are standard for this workflow and within scope, but users should be aware of those artifacts.
Assessment
This skill appears to do what it claims, but it has real system impact and handles sensitive data. Before installing:
(1) Review setup.sh: it runs package-manager installs with sudo and npm installs into your OpenClaw path. Run it in a VM or other controlled environment if you are cautious.
(2) Expect Chrome/Chromium and xvfb to be installed, and check the integrity of any npm packages it pulls in (patchright).
(3) The skill will read and persist addresses and payment-method names in references/preferences.md and may fill checkout forms. Do not store full card numbers there; provide payment details interactively, only when needed.
(4) Consider the legal and terms-of-service implications: Patchright is used explicitly to evade bot detection (Cloudflare), and using it may violate some sites' terms.
(5) If you proceed, inspect the contents of references/preferences.md and USER.md, and run the setup steps manually one at a time rather than executing the script blindly.
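Point (3) above is easy to check mechanically. As an added example (not part of the skill or of ClawHub's scanner), this scanner reads a preferences file, finds runs of 13 to 19 digits that may be written with spaces or dashes, and keeps only those that pass the Luhn checksum that real card numbers satisfy. The `PREFERENCES_MD` sample is constructed for the example; the card number used in the usage note is the well-known `4111 1111 1111 1111` test value, not a real account.

```python
import re

# Constructed sample of the kind of file the skill maintains; not the skill's own file.
# It holds the data the skill is allowed to keep: addresses and a payment-method *name*.
PREFERENCES_MD = """# Shopping preferences (constructed sample)
Name: Jane Doe
Address: 12 Example Street, Springfield, 90210
Phone: 555 010 1234
Payment method: Visa ending 4242
Order ref: 1234567812345678
"""

# 13-19 digits, each optionally followed by a single space or dash,
# and not glued to other digits on either side.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn (mod 10) check: double every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list[dict]:
    """Return likely card numbers as (line, masked value); never return the full PAN."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in PAN_RE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group())
            if luhn_ok(digits):
                findings.append(
                    {"line": lineno, "masked": "*" * (len(digits) - 4) + digits[-4:]}
                )
    return findings


if __name__ == "__main__":
    # The sample as written is clean: "ending 4242" is four digits and the
    # 16-digit order reference fails Luhn.
    print(find_card_numbers(PREFERENCES_MD))  # []
    leaked = PREFERENCES_MD + "Card: 4111 1111 1111 1111\n"
    print(find_card_numbers(leaked))  # [{'line': 7, 'masked': '************1111'}]
```

The order reference in the sample shows why the Luhn step matters: a bare digit-run regex would flag every long number in the file. The converse caveat is that any 13 to 19 digit value that happens to pass Luhn (roughly one in ten) will be reported, so treat hits as prompts to look, and delete the line if it really is a card number.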


latest: vk9759gb3c5zp4ms4b28ven0c4581q9c7

