Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Browser Zombie Cleaner.Removed

v1.0.0

Detect and clean up zombie browser processes left by OpenClaw's browser tool. When the OpenClaw Gateway restarts, Playwright-launched browser processes get o...

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
Name, description, SKILL.md, and the included shell script all focus on detecting and optionally killing orphaned OpenClaw-launched browser processes. No unrelated credentials, binaries, or install steps are requested.
Instruction Scope
The SKILL.md restricts scope to the current user's OpenClaw browser processes and the script implements that via /proc and ps. However, there are a few implementation issues: an early ps parsing branch is left effectively unused, and the is_orphaned() function treats failures to read /proc/$ppid/cmdline as 'orphaned' (it returns success on read error). That behavior can incorrectly mark live processes as orphaned, which combined with --kill could terminate legitimate browser processes. The script also assumes Linux/macOS /proc and ps semantics (Windows unsupported as documented).
Install Mechanism
Instruction-only skill with an included shell script; there is no install spec, no downloads, and nothing is written to the system beyond logs created at runtime. This is the lowest-risk install model.
Credentials
No required environment variables or credentials. The script optionally honors OPENCLAW_ZOMBIE_LOG for log path and has a sensible default /tmp/openclaw/ path. No unrelated secrets or config paths are requested.
Persistence & Privilege
always is false and the skill does not request persistent/privileged presence. The script is intended to be run manually or integrated into health checks; it does not modify other skill configs or system-wide settings.
What to consider before installing
This skill appears to do what it claims (detect and optionally kill orphaned OpenClaw browser processes) and does not request secrets or installs remote code. However, the script has a safety/bug risk: if it cannot read a parent's cmdline it treats that parent as 'orphaned', which can cause false positives. Before using --kill in production, run the script in default (detect-only) mode and carefully inspect its output and the log (/tmp/openclaw/zombie-browser-cleanup.log).

Recommended precautions:

  • Run with no flags first and review the reported PIDs and command lines.
  • Use a conservative --min-age (e.g., >7200s) when first enabling --kill.
  • Consider auditing and patching the script: change error handling in is_orphaned() so read failures do NOT default to 'orphaned' (i.e., return non-orphan on read errors), and ensure parent PID checks are robust before sending signals.
  • Test on a non-production system or with a single test user to confirm behavior.

If you want, I can point out exact lines to change to avoid the misclassification and suggest safer kill logic (double-check PPID==1 and that the parent process truly does not exist before terminating children).

Like a lobster shell, security has layers — review code before you run it.

MIT-0

Browser Zombie Cleaner

Detect and clean up orphaned browser processes left behind when OpenClaw Gateway restarts.

The Problem

OpenClaw's browser tool uses Playwright to launch Chrome/Chromium/Firefox. When the Gateway restarts (update, crash, manual restart), these browser child processes become orphans — their parent PID changes to 1 (init/systemd). They keep running, consuming memory, and accumulate over days.

Safety Design

This tool is safe by default:

  1. Detect-only mode is the default — no processes are killed without --kill
  2. Triple verification before killing: OpenClaw user-data-dir pattern + orphaned PPID + minimum age
  3. Only current user's processes — never touches other users
  4. Only OpenClaw browsers — identified by ~/.openclaw/browser/ in the command line
  5. Graceful shutdown — SIGTERM first, SIGKILL only after grace period
  6. Audit log — every action is logged to /tmp/openclaw/zombie-browser-cleanup.log
  7. No root required — runs as regular user

Usage

Detect only (safe, default)

bash <skill_dir>/scripts/cleanup-zombie-browsers.sh

Output example:

Found 8 OpenClaw browser processes, 5 are zombies (1200MB total)
  ZOMBIE: PID=66301 PPID=1 age=3d 2h mem=388MB
  ZOMBIE: PID=152356 PPID=1 age=2d 4h mem=168MB
  ...
Run with --kill to terminate these zombie processes

Detect and clean

bash <skill_dir>/scripts/cleanup-zombie-browsers.sh --kill

Options

Option         Default                                    Description
--kill         off                                        Actually terminate zombie processes
--min-age N    3600 (1h)                                  Only target processes older than N seconds
--grace N      10                                         Seconds between SIGTERM and SIGKILL
--json         off                                        Output as JSON (for programmatic use)
--log PATH     /tmp/openclaw/zombie-browser-cleanup.log   Log file location
--pattern STR  .openclaw/browser/                         Pattern to identify OpenClaw browsers

Integration with Health Checks

Add to your health check script or heartbeat:

# Detect and report (no kill)
bash /path/to/cleanup-zombie-browsers.sh

# Auto-clean with safety margin (processes must be >2 hours old)
bash /path/to/cleanup-zombie-browsers.sh --kill --min-age 7200

How It Identifies Zombies

A process is classified as a zombie browser if ALL of these are true:

  1. Browser process — executable name matches chrome/chromium/brave/msedge/firefox
  2. OpenClaw origin — command line contains .openclaw/browser/ (the user-data-dir used by OpenClaw)
  3. Orphaned — PPID is 1 (init) or systemd, meaning the parent Gateway process is gone
  4. Old enough — process age exceeds --min-age threshold (prevents killing browsers that are actively initializing)

If ANY condition is not met, the process is skipped.
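
The four conditions above, written so that a failed /proc read counts as "unknown" and the process is skipped, which is the failure mode the scan flags in is_orphaned(). This is an added example, not the skill's own script: the function names, the PROC_ROOT override, the age passed in as an argument, and reading "or systemd" as "the parent's comm is systemd" are all assumptions.

```bash
#!/usr/bin/env bash
# Added example; function names and PROC_ROOT are hypothetical, not the skill's script.
PROC_ROOT="${PROC_ROOT:-/proc}"   # overridable so the checks can run on a constructed tree

# Print the parent PID of $1; fail (return 1) if stat is unreadable or malformed.
get_ppid() {
  local stat
  stat=$(cat "$PROC_ROOT/$1/stat" 2>/dev/null) || return 1
  stat=${stat##*) }            # drop "pid (comm) "; comm may itself contain ')'
  set -- $stat                 # $1=state $2=ppid
  case "$2" in ''|*[!0-9]*) return 1 ;; esac
  printf '%s\n' "$2"
}

# Orphaned only when it can be shown: PPID is 1, or the parent is readable and is
# systemd. Any read failure means "unknown", which is treated as not orphaned.
is_orphaned() {
  local ppid pcomm
  ppid=$(get_ppid "$1") || return 1
  [ "$ppid" -eq 1 ] && return 0
  pcomm=$(cat "$PROC_ROOT/$ppid/comm" 2>/dev/null) || return 1
  [ "$pcomm" = "systemd" ]
}

# Browser executable name plus the OpenClaw user-data-dir pattern in the command line.
is_openclaw_browser() {
  local cmd exe pattern
  pattern=${2:-.openclaw/browser/}
  cmd=$(cat "$PROC_ROOT/$1/cmdline" 2>/dev/null | tr '\0' ' ')   # argv is NUL-separated
  exe=${cmd%% *}; exe=${exe##*/}
  case "$exe" in chrome|chromium*|brave*|msedge|firefox*) ;; *) return 1 ;; esac
  case "$cmd" in *"$pattern"*) return 0 ;; *) return 1 ;; esac
}

# classify PID AGE_SECONDS [MIN_AGE]: prints "zombie" only if all four conditions hold.
classify() {
  local pid=$1 age=$2 min_age=${3:-3600}
  is_openclaw_browser "$pid" || { echo "skip:not-openclaw-browser"; return 0; }
  is_orphaned "$pid"         || { echo "skip:not-provably-orphaned"; return 0; }
  [ "$age" -gt "$min_age" ]  || { echo "skip:too-young"; return 0; }
  echo "zombie"
}
```

On Linux the age argument can come from `ps -o etimes= -p PID`; re-running classify immediately before sending a signal narrows the window for PID reuse.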

Platform Support

Platform  Status   Notes
Linux     Full     Uses /proc filesystem for precise detection
macOS     Full     Uses ps with etime parsing
Windows   Not yet  Planned (PowerShell-based)

Supported Browsers

All Playwright-supported browsers with OpenClaw user-data-dir:

  • Google Chrome / Chromium
  • Brave Browser
  • Microsoft Edge
  • Firefox

Exit Codes

Code  Meaning
0     No zombies found, or zombies cleaned (--kill mode)
1     Zombies detected but not killed (detect mode)
