Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
urlgo
v3.1.0All network operations must be handled through this skill
⭐ 0· 70·0 current·0 all-time
byfslong@fslong520
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The name/description and the files consistently describe a browser-control skill that centralizes web/network actions via a local Chrome/Edge CDP on port 9022. Requiring access to local browser processes and a debugging port is consistent with that purpose. However, the scale of system-level operations (pkill/lsof/kill, starting browsers from system paths) is higher-privilege than many users would expect from a generic 'network operations' skill and may be surprising.
Instruction Scope
The SKILL.md and step files explicitly instruct the agent to run local system commands: curl against localhost:9022, pkill to terminate browser processes, start Edge/Chrome with --remote-debugging-port=9022, use lsof/kill, and then connect via browser_use connect_cdp. After connecting the skill exposes operations that can read cookies, history, DOM snapshots, network requests, and screenshots. These actions go beyond simple navigation: they can access sensitive local browser state and require modifying running processes. There are no instructions to restrict which browser profile is used or to sandbox the browser.
Install Mechanism
This is an instruction-only skill with no install spec and no code files — no artifacts are downloaded or written by the skill itself. That reduces installation risk, but runtime commands still interact with system processes and files.
Credentials
The skill declares no environment variables or external credentials, but by enabling CDP and connecting to a local browser it implicitly grants access to cookies, history, and authenticated sessions. That implicit access is sensitive and not reflected in requires.env. Additionally, SKILL.md metadata contains auto_load/global flags (auto_load: true, global: true) which conflict with the registry-level flags (always:false) and may indicate unexpected auto-enablement behavior.
Persistence & Privilege
Registry flags show always:false, but SKILL.md metadata includes auto_load: true and global: true — this inconsistency is concerning because auto-loading a skill that can manage browsers and access cookies increases attack surface. The skill allows agent autonomous invocation (default), and combined with its ability to start/kill browsers and access CDP-managed data, an autonomous agent could perform sensitive actions without clear user consent.
What to consider before installing
Before installing, consider that this skill will: (1) attempt to kill existing browser processes and start browsers with --remote-debugging-port=9022, which can interrupt your sessions; (2) enable CDP connections that can read cookies, history, network requests, DOM, and screenshots — effectively exposing logged-in sessions; (3) run local shell commands (pkill, lsof, kill, curl) that require system-level access; and (4) contains SKILL.md metadata (auto_load/global) inconsistent with registry flags, which may cause unexpected auto-enablement. If you need this functionality, run it only in an isolated environment or machine account without sensitive browser profiles, require explicit user consent before any kill/start operations, verify whether the skill will be auto-loaded, and restrict autonomous invocation. If you cannot accept those risks, do not install or grant this skill elevated privileges.Like a lobster shell, security has layers — review code before you run it.
automationvk977ga58263aktydjt071vsmg584zwcjbrowservk977ga58263aktydjt071vsmg584zwcjcdpvk977ga58263aktydjt071vsmg584zwcjlatestvk977ga58263aktydjt071vsmg584zwcjnetworkvk977ga58263aktydjt071vsmg584zwcjwebvk977ga58263aktydjt071vsmg584zwcj
License
MIT-0
Free to use, modify, and redistribute. No attribution required.