Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Js Eyes

v2.4.0

Install, configure, verify, and troubleshoot JS Eyes browser automation for OpenClaw.

Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description, required binary (node), included plugin code, and runtime instructions all align with installing and operating a local OpenClaw browser-automation plugin (registering an OpenClaw plugin, starting a local server, handling a server token, discovering/allowlisting extension skills). There are no unrelated credentials, binaries, or config paths requested that don't match that purpose.
Instruction Scope
SKILL.md directs the agent to read/modify the user's OpenClaw config (openclaw.json), run npm install in the bundle/repo root, initialize and read a local server token, and optionally install a native messaging host. Those actions are appropriate for installing a plugin but are invasive (editing configs, creating runtime files, registering native hosts and changing allowlists). The instructions do not appear to direct any covert data exfiltration, but they do grant the skill permission to read/write local config and token files — which is expected for its functionality.
Install Mechanism
This bundle is instruction-only (no automatic install script), but SKILL.md tells operators to run `npm install` in the bundle/repo root. Running npm install can execute maintainer scripts; the project's SECURITY.md describes a hardened install flow for skills (npm ci --ignore-scripts for skill installs and integrity checks for downloaded skill bundles). There is a minor incoherence: the user-facing instructions say `npm install` while the security docs prefer locked, script-ignored installs for security-sensitive installs. This increases install-time risk but is explainable for development vs bundle workflows.
Credentials
The skill declares no required environment variables or credentials. The code optionally reads JS_EYES_SERVER_TOKEN (used only to connect to the local server) and observes OpenClaw environment variables when resolving config paths; these are proportional to the stated purpose. No unrelated secrets or external cloud credentials are requested.
Persistence & Privilege
The skill is not always-enabled and uses the normal plugin lifecycle. It writes runtime artifacts (server.token, consent logs, pending-egress files, .integrity.json manifests) and can register an optional native messaging host so the browser extension can read the server token. Those behaviors are expected for functionality but represent sensitive local persistence (token file and native host). Review the native-host install step carefully before running it because it exposes the local token to whitelisted extension IDs.
Assessment
This skill appears to do what it says: install and run a local OpenClaw browser-automation plugin. Before installing:
- Backup your OpenClaw config (openclaw.json); the skill will suggest edits to that file and to tool allowlists.
- Prefer the hardened install flow described in SECURITY.md for any downloaded skill bundles: use lockfiles and `npm ci --ignore-scripts` for untrusted skill installs where practical. Running `npm install` in a bundle may run package scripts — avoid running as root and inspect package.json if you have concerns.
- Be aware the local server writes a `runtime/server.token` and the optional native messaging host will expose that token to whitelisted extension IDs; only install the native host if you trust the extension IDs and the machine is secure.
- The skill can write consent/pending-egress records and .integrity.json files to disk; review those directories if you need to audit activity.
- If you plan to enable remote binding or allowAnonymous, understand the security implications (the project defaults to loopback and token-based auth).
If you want higher assurance, review the bundled code (openclaw-plugin, server-core, protocol) or run the install in an isolated environment first.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
- packages/protocol/skills.js:296: Shell command execution detected (child_process).
- openclaw-plugin/index.mjs:222: Environment variable access combined with network send.
- packages/protocol/skills.js:49: Environment variable access combined with network send.
- packages/protocol/skills.js:21: File read combined with network send (possible exfiltration).


License

MIT-0
Free to use, modify, and redistribute. No attribution required.

Runtime requirements

👁 Clawdis
OS: macOS · Linux · Windows
Bins: node
