v0.1.1

AIGroup Browser Skill

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 8:38 AM.

Analysis

The skill is coherent for opening real browser pages, but it uses live browser profiles and can expose existing browser tab titles or URLs, so it deserves careful review before installation.

Guidance: Review this carefully before installing. It appears designed for its stated browser-opening purpose and does not show destructive behavior, but it should ideally run with dedicated browser profiles and stricter page matching so private session state or unrelated tab URLs are not exposed.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
scripts/open_page.py
CN_CMD = "/home/jack/.local/bin/oc-cn" ... GLOBAL_CMD = "/home/jack/.local/bin/oc-global" ... AUTO_CMD = "/home/jack/.local/bin/oc-browser"

The reviewed package calls local helper binaries that are not included in the artifact contents, so the final browser-launch behavior depends on host-installed executables.

User impact: The safety of the installed skill partly depends on the local oc-cn, oc-global, and oc-browser commands present on the machine.
Recommendation: Install only on hosts where those helper binaries are trusted; document their source, version, and expected behavior, and align metadata with the actual executable paths.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Concern
README.md
profile state, region routing, or anti-bot behavior matter

The skill is designed to use existing real browser profiles rather than an isolated or unauthenticated fetch path, so opening a URL may involve the user's persistent browser identity or logged-in session state.

User impact: Sites opened through this skill may see the user's real browser profile state for that profile, such as existing login/session context for that site.
Recommendation: Use only with dedicated, low-privilege browser profiles or require explicit confirmation before opening sensitive sites; document which profiles are used and restrict acceptable URL schemes/domains if possible.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium | Confidence: High | Status: Concern
scripts/open_page.py
data = fetch_json(f"http://127.0.0.1:{port}/json/list") ... return pages[0] if pages else None ... "title": (page.get("title") or "").strip(), "url": page.get("url", "")

The script reads all page entries from the local browser CDP endpoint and, if no requested-host match is found, falls back to the first page before returning its title and URL.

User impact: If the requested page is not found or does not match cleanly, the agent may receive the title and URL of an unrelated existing browser tab, which could reveal private browsing context or confuse the task result.
Recommendation: Only return a page whose URL matches the requested target, and otherwise return an error; avoid falling back to arbitrary existing tabs.