Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Cdp Browser
v2.0.1
CDP browser control at localhost:9222. Use when you need to inspect tabs, take screenshots, navigate, scroll, post to X, or run JS in a persistent browser se...
by gostlight @gostlightai
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The skill claims to control a browser via CDP on localhost:9222 and to be able to inspect tabs, screenshot, navigate, scroll, run limited queries, and optionally post to X. The included files (cdp.js, pw.js, helper scripts) and the Playwright dependency align with that purpose. The Telegram confirm flow and a workspace config file are reasonable additions given the described UX.
Instruction Scope
SKILL.md instructs the agent to run CLI scripts from the skill directory, write/read a pending-tweet file under the OpenClaw workspace, and (optionally) send a Telegram message via the OpenClaw CLI. These actions are in-scope for a browser-control + confirm-post feature. The agent will read/write files in ~/.openclaw/workspace(.cdp-browser) and may call openclaw message send; both are documented and required for the Telegram flow.
Install Mechanism
There is no formal install spec in the registry metadata (instruction-only), but package.json and package-lock.json declare a Playwright dependency. The README suggests running npm install. Playwright is a standard npm package (registry), but it is heavy and can download browser binaries during installation — this is expected for a Playwright-based tool but is a practical operational consideration.
Credentials
The skill declares no required env vars or credentials. The code does use OPENCLAW_WORKSPACE (optional) and falls back to HOME/USERPROFILE to locate the workspace for saving pending state; this is proportional to the documented feature. It does not request unrelated secrets or credentials. Control over a local CDP endpoint (localhost:9222) is powerful but matches the skill's purpose.
Persistence & Privilege
The skill is not marked always:true and does not request elevated platform privileges. It writes only to its own workspace subdirectory for pending tweets and does not modify other skills' configs. Autonomous invocation is allowed (platform default) but not unusual for this skill type.
Assessment
This skill appears to do what it says: control a local Chromium instance over CDP and optionally assist with posting to X using a Telegram confirm flow. Before installing, note:
- You will need Chromium running with --remote-debugging-port=9222, and you will likely need to run npm install in the skill dir (Playwright dependency), which may download browser binaries.
- The skill can control pages in that browser (navigate, screenshot, fill and click); keep the CDP endpoint local and protected because it grants full browser control.
- If you enable the Telegram confirm button, you must copy the example config into your OpenClaw workspace; the skill will write a pending-tweet file there and use openclaw message send to post the inline button. Review .cdp-browser.json and the pending-tweet file location to ensure they meet your privacy requirements.
- Review the code (pw.js, cdp.js, and scripts/send-tweet-confirm.sh) to confirm the exact selectors and flows match your expectations, and be aware screenshots or page queries may capture sensitive content.
If you want higher assurance, run npm install in an isolated environment first and inspect what Playwright downloads, and test with an unprivileged local browser profile.
Like a lobster shell, security has layers — review code before you run it.
