Skill v1.0.0
VirusTotal security
Browserbase Persist with captcha · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 29, 2026, 3:42 AM
- Hash: 9ad4c5b4e048f969048098f7743cb0abc74036560202b593dc5501415e663928
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: browserbase. Version: 1.0.0. The skill is designed for legitimate browser automation via the Browserbase service. It handles sensitive data like API keys, browser cookies, and can perform file operations (screenshots, recordings) to user-specified paths. The primary reason for 'suspicious' classification is the `execute-js` command in `scripts/browserbase_manager.py`, which allows the OpenClaw agent to execute arbitrary JavaScript code within the remote cloud browser session. While this is a core feature for browser automation, it presents a significant Remote Code Execution (RCE) vulnerability if the agent's input is compromised via prompt injection, potentially leading to unauthorized actions or data exfiltration within the remote browser context. There is no evidence of intentional malicious behavior by the skill itself, such as exfiltrating data to unauthorized endpoints or installing backdoors on the local system.
