browser-session-archive

Security checks across malware telemetry and agentic risk

Overview

The skill appears to archive AI-chat pages locally, but it uses powerful Chrome debugging access that can read logged-in browser pages beyond the stated share-link scope.

Review before installing. If you use it, run Chrome with a temporary profile that is not signed into unrelated accounts, keep the debug port local, only provide intended ChatGPT/Claude share URLs, and protect or delete the saved ~/LookBack archives.

VirusTotal

63/63 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Medium
What this means

If the agent or user supplies the wrong URL, the skill can load and save authenticated browser page content, not only ChatGPT or Claude share pages.

Why it was flagged

The script drives Chrome DevTools Protocol to open the caller-supplied URL and read the rendered DOM, but the implementation shown does not enforce the stated chatgpt.com/share or claude.ai/share scope.

Skill content
const TARGET_URL = process.argv[2] || process.env.TARGET_URL; ... params: { url: targetUrl, background: true } ... expression: 'document.documentElement.outerHTML'
Recommendation

Restrict TARGET_URL to explicit chatgpt.com/share and claude.ai/share patterns, and require user confirmation before opening or capturing pages through CDP.

ASI03: Identity and Privilege Abuse
Medium
What this means

The skill may use your active Chrome login/session context, so content from accounts you are signed into could be accessible to the capture flow.

Why it was flagged

The skill's own reference notes that Chrome debugging can reuse an existing browser session and bypass login state; the main script connects to that debug port to capture pages.

Skill content
Debug port: do not expose the debug port on public networks ... Session reuse: reusing an existing Chrome session can bypass the login state
Recommendation

Use a separate temporary Chrome profile for this skill, keep the debugging port bound to localhost, close it after use, and avoid running it against non-share or sensitive account pages.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

A global dependency can affect the user's environment and inherits normal npm supply-chain risk.

Why it was flagged

The skill depends on an external npm package installed globally; this is expected for the WebSocket CDP client but is not pinned in the user-facing setup command.

Skill content
npm install -g ws
Recommendation

Prefer a local, pinned dependency installation or a lockfile-backed setup rather than a global unpinned install.

ASI06: Memory and Context Poisoning
Low
What this means

Archived HTML, Markdown, and metadata may remain readable by local users, backups, sync tools, or later agent tasks.

Why it was flagged

The script persists full captured HTML and metadata locally, which is purpose-aligned but can contain sensitive conversation or page content.

Skill content
fs.writeFileSync(htmlPath, html); ... fs.writeFileSync(metaPath, JSON.stringify(metadata, null, 2));
Recommendation

Store archives in a protected directory, avoid syncing them unintentionally, and delete raw HTML snapshots when they are no longer needed.