Back to skill
Skillv1.0.0
VirusTotal security
Browser Stagehand · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 29, 2026, 10:51 AM
- Hash
- 53e8bbfbbeb4d1380e56d50882434c4ef1d7dd7e0f3a1df944129334b76809ca
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: openclaw-stagehand Version: 1.0.0 The skill bundle provides a browser automation interface using Stagehand and Playwright, granting the agent broad 'Bash' execution privileges. While aligned with its stated purpose, it introduces high-risk behaviors including persistent browser profiles ('.chrome-profile/'), automatic downloads to the local filesystem ('./agent/downloads/'), and the ability to access internal networks. The combination of shell access and the processing of untrusted web content makes the system highly vulnerable to indirect prompt injection attacks. Furthermore, the documentation references a non-existent model version ('claude-haiku-4-5-20251001') and future-dated timestamps, which is anomalous.
- External report
- View on VirusTotal