Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Auto Tech Research
v1.0.0
Fully automated deep technical research Skill. It drives the browser through the Chrome DevTools Protocol, simulating a real person's search behavior and searching content on mainstream Chinese and international platforms so that the results match what a manual search would return. It outputs a structured research report in HTML format. Core principles: - Do not use web_fetch; use the browser (CDP protocol) throughout - 搜索行...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The skill claims to perform CDP/browser-driven research and the SKILL.md instructions match that purpose (navigate, snapshot, extract, generate HTML). However the package includes a large Python script (scripts/auto-research.py) and README usage examples that run it, while the registry metadata describes this as instruction-only with no install spec — this mismatch (embedded runnable code but no declared install/run guidance) should be clarified.
Instruction Scope
The runtime instructions explicitly instruct using a 'chrome-relay' profile (the user's logged-in Chrome) for platforms that require login. That implies access to cookies, sessions, and any signed-in accounts. The SKILL.md does not document consent, limits, or which data is read from those profiles, and it instructs broad navigation/snapshotting across many third-party sites — a real privacy surface that should be declared and controlled.
Install Mechanism
No install spec (instruction-only) is lower risk, but the repo contains a ~27KB Python script and examples that run python3 scripts/auto-research.py. It's unclear whether the agent or user is expected to execute that script; the presence of executable code increases the attack surface and should be explained even if no installer is provided.
Credentials
The skill declares no required env vars or credentials, yet its behavior depends on access to browser profiles (openclaw and chrome-relay). Accessing chrome-relay effectively gives the skill access to session cookies and logged-in accounts (WeChat, Zhihu, Bilibili, Google, etc.). That level of access is significant and is not declared as a required credential/config entry.
Persistence & Privilege
The always flag is false, and there are no claims of permanent presence or of modifying other skills or configs. The agent-autonomous invocation default applies, but that is not by itself a new concern in this package.
What to consider before installing
Before installing or running this skill: (1) Review scripts/auto-research.py fully; any included Python can make network requests or exfiltrate data. (2) Verify how the agent will access 'chrome-relay' and whether you are comfortable allowing snapshots of pages accessed while logged into your accounts (this can expose cookies, messages, and private profiles). (3) If you only need public-web scraping, avoid enabling chrome-relay, or run the skill in an isolated browser profile with no logins. (4) Ask the publisher to explain why a runnable script is included despite the 'instruction-only' metadata, and request explicit documentation of data flows (what is stored, where reports are written, and whether any external endpoints are contacted). (5) If you will run the Python script locally, do so in a sandbox or VM and inspect its network activity first.
Like a lobster shell, security has layers — review code before you run it.
latest: vk975rq2kct3sbvg2xa7c9x2tsh84rnsx
