CatFee Dokobot
AdvisoryAudited by VirusTotal on Apr 22, 2026.
Overview
Type: OpenClaw Skill Name: catfee-dokobot Version: 1.0.0 The catfee-dokobot skill bundle (SKILL.md, _meta.json) provides instructions for using the `dokobot` CLI tool to perform browser automation and web scraping of dynamic content, specifically targeting financial data sites like East Money. The instructions guide the AI agent through setup, command execution, and data extraction workflows. No evidence of malicious intent, data exfiltration, or harmful prompt injection was found; the behavior is consistent with the stated purpose of browser-based data monitoring.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could read private content from sites where you are already logged in and place that content into the conversation or tool output.
The skill explicitly supports authenticated/session-based browsing through the user's real Chrome environment, but does not bound which Chrome profile, sites, accounts, or private pages may be read.
pages that require login/session ... Chrome must be open with the Dokobot extension enabled for `--local` mode to work
Use a dedicated Chrome profile with only the accounts needed for the task, approve each authenticated URL explicitly, and avoid using this skill on sensitive accounts unless you intend that content to be read.
Installing the external tooling may add software that can interact with your browser outside the reviewed skill text.
The skill depends on external global CLI, browser extension, and bridge components that are not included or version-pinned in the provided artifacts. This is expected for the stated browser-automation purpose, but users must trust those external components.
`npm install -g @dokobot/cli` ... Chrome browser with Dokobot extension installed ... `dokobot install-bridge`
Verify the Dokobot CLI, extension, and bridge from trusted sources, review their permissions, and keep them updated or remove them when no longer needed.