Back to skill
Skillv1.0.0
VirusTotal security
BrowserMCP Skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:32 AM
- Hash
- 525f85acba6393cc0ee21ea455e44e18a1204c9d4a808065be200a89e99a2c6e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: browsermcp Version: 1.0.0 This skill bundle is classified as suspicious due to its inherent high-risk capabilities and a supply chain dependency. The skill automates browser tasks using the user's existing, authenticated browser profile, allowing access to sensitive sessions, screenshots, and console logs. While the documentation (SKILL.md, references/*.md) explicitly warns about privacy and security, and advises user consent and ethical use, the power to interact with any logged-in website (e.g., banking, email) presents a significant risk if the AI agent is maliciously prompted or if the underlying `npx @browsermcp/mcp@latest` package (specified in `templates/config-template.json`) is compromised via a supply chain attack. There is no evidence of intentional malicious instructions within the skill bundle itself, but the combination of broad browser access and a dynamic dependency warrants a 'suspicious' classification.
- External report
- View on VirusTotal