v2.6.2

Js Eyes

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 6:04 AM.

Analysis

JS Eyes is a coherent browser-automation skill, but it grants the agent powerful browser control including raw JavaScript execution, cookie access, dynamic skill loading, and background local services that users should review carefully before installing.

Guidance: Use this skill only if you intentionally want an agent to control a browser. Prefer a dedicated browser profile, keep raw eval disabled unless necessary, deny cookie/script/upload/install tools when not needed, and install extension skills only from trusted sources.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Unexpected Code Execution
Severity: High | Confidence: High | Status: Concern
SKILL.md
treat host-side raw eval as part of the default install: merge `security.allowRawEval: true` into `~/.js-eyes/config/config.json` ... so `execute_script` raw JavaScript is not blocked

The skill explicitly instructs users to enable raw JavaScript execution as the default setup path, which materially increases browser-page manipulation and data-access risk.

User impact: An agent or installed JS Eyes skill may be able to run raw JavaScript in browser pages, which can read or modify page state within the browser context.
Recommendation: Keep raw eval disabled unless a specific trusted workflow requires it, and enable it only for trusted agents, trusted sites, and short-lived tasks.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
openclaw-plugin/index.mjs
recordConsentDecision(definition.name, params, 'auto-confirm'); ... Tool "${definition.name}" requires confirmation ... return originalExecute(toolCallId, params);

For tools marked as requiring confirmation, the plugin records an auto-confirm decision and then executes the tool, rather than showing evidence of a blocking user approval step.

User impact: Sensitive browser actions may proceed under agent control even when policy text says confirmation is required.
Recommendation: Do not rely on the built-in confirm policy as a human approval gate; explicitly deny or disable high-impact tools such as script execution, cookie access, upload, and dynamic install unless needed.

Agentic Supply Chain Vulnerabilities
Severity: Medium | Confidence: High | Status: Concern
openclaw-plugin/openclaw.plugin.json
"skillsRegistryUrl": { ... "default": "https://js-eyes.com/skills.json" ... } ... "extraSkillDirs" ... "extras 不做完整性校验" ... "devWatchSkills" ... "default": true

The plugin supports discovering/installing extension skills from a remote registry and hot-loading external skill directories; extra directories are explicitly not integrity-verified.

User impact: Installing or linking an untrusted extension skill can expand what the agent can do inside the browser automation environment.
Recommendation: Use only trusted skill registries and directories, keep extraSkillDirs empty unless needed, and review extension skills before enabling or hot-loading them.

Rogue Agents
Severity: Low | Confidence: High | Status: Note
openclaw-plugin/openclaw.plugin.json
"autoStartServer": { "type": "boolean", "default": true } ... "watchConfig": { "default": true } ... "devWatchSkills": { "default": true }

The plugin is designed to start a local server and watch configuration/skill files while loaded; this is disclosed and aligned with browser automation but is persistent local behavior.

User impact: JS Eyes may keep a local automation server and file watchers running during OpenClaw sessions.
Recommendation: Disable autoStartServer, watchConfig, or devWatchSkills if you do not need background automation or hot reload behavior.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
openclaw-plugin/index.mjs
"js_eyes_get_cookies", ... "js_eyes_get_cookies_by_domain", ... "js_eyes_execute_script",

The plugin exposes tools for browser cookie retrieval and script execution; browser cookies can represent logged-in account sessions.

User impact: A trusted or compromised agent using this skill could access sensitive browser session information for sites the browser is logged into.
Recommendation: Install only for highly trusted agents, restrict or deny cookie-related tools by policy, and use a separate browser profile without important logged-in sessions when possible.