Back to skill

Security audit

Stable Browser

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says, but it enables a persistent Chrome debugging profile that can control logged-in browser sessions and does not give users enough opt-in or removal guidance.

Install only if you intentionally want OpenClaw to control a separate Chrome profile through local CDP. Avoid logging sensitive personal, financial, admin, or production accounts into that profile. Disable or remove the LaunchAgent when you are not using it, and require explicit user confirmation before any posts, purchases, deletions, or account changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The script writes and loads a LaunchAgent that causes Chrome to auto-start on login and remain persistent via KeepAlive, which goes beyond a one-time setup action. Persistent background browser debugging increases exposure because CDP can grant powerful browser control if another local process or misconfiguration reaches the debugging port.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill recommends running `bash scripts/setup-cdp.sh` and later process-kill commands such as `pkill` without any safety warning, dry-run option, or explanation of side effects. This is dangerous because the script can alter user configuration, install a LaunchAgent, and terminate processes, which could disrupt unrelated work or introduce persistence without informed consent.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The setup instructions enable Chrome DevTools Protocol on a local HTTP port and present it as a reliability improvement, but do not warn that CDP provides powerful control over the browser, including page interaction, cookies, local storage, screenshots, and potentially authenticated session data. Even though it binds to 127.0.0.1 in the examples, any local malware, untrusted local user, or forwarded/tunneled access could abuse the endpoint to take over browser activity and access sensitive data.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script modifies user configuration and installs persistence without any confirmation or dry-run mode. Silent state changes reduce user awareness and can leave a long-lived browser debugging service enabled, which is risky because CDP provides broad control over browser sessions and authenticated data.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.