Skill v1.0.0

ClawScan security

google-search-wsl · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 21, 2026, 6:38 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill is internally consistent with its stated purpose (launching Chrome in WSL for CDP-driven searches), but has small documentation/installation mismatches and some operational risks you should understand before running it.
Guidance
This skill appears to do what it says: launch Chrome in WSL with remote debugging so the OpenClaw browser tool can control it. Before using it: (1) review and decide where the startup script should live (SKILL.md expects ~/.openclaw/scripts but the bundle contains scripts/google-search-chrome.sh); (2) be aware it opens a local Chromium remote-debugging port (default 9222) and writes a browser profile under $HOME/.openclaw/chrome-debug-profile — avoid exposing that port to untrusted networks and inspect the profile directory if you care about privacy; (3) the script accepts optional GOOGLE_SEARCH_* env vars (not declared in metadata) — set them if you need to change port, data dir, timeout, language, or GPU behavior; (4) only run this on machines you control and trust, since the browser tool will be able to load pages and access session data in that profile; and (5) if you need stronger assurance, run the script manually and inspect its output before allowing any automated agent to invoke the browser tool.

Review Dimensions

Purpose & Capability
ok: The script and SKILL.md match the description: they start a Chrome/Chromium instance in WSL with remote-debugging enabled so the OpenClaw browser tool can drive searches. The script's WSL checks, data-dir usage, and Chrome flags are appropriate for that purpose.
Instruction Scope
note: SKILL.md tells the agent/user to run a script at ~/.openclaw/scripts/google-search-chrome.sh, but the packaged file is scripts/google-search-chrome.sh with no install step, so there's a minor mismatch about where the script should live. The instructions direct starting Chrome with remote-debugging on localhost (9222) and using the browser tool; they do not instruct reading or exfiltrating unrelated files. The guidance about using HTTP_PROXY and DISPLAY is operational (not exfiltration) but SKILL.md mentions some env vars (HTTP_PROXY) while the script actually uses GOOGLE_SEARCH_* variables that are not declared in metadata.
Install Mechanism
ok: There is no install spec (instruction-only with a packaged script). That is low-risk from an install perspective because nothing is being downloaded or automatically written to disk by an installer; the script will only run if the user invokes it.
Credentials
note: No credentials or sensitive environment variables are requested. The script does create and use a user-data-dir under $HOME/.openclaw/chrome-debug-profile and reads optional env vars (GOOGLE_SEARCH_CHROME_PORT, GOOGLE_SEARCH_CHROME_DATA, GOOGLE_SEARCH_CHROME_TIMEOUT, GOOGLE_SEARCH_DISABLE_GPU, GOOGLE_SEARCH_LANG) which are not declared in the skill metadata. This is reasonable for a browser-launch helper but should be noted because it stores browser profile data locally.
Persistence & Privilege
ok: The skill is not always-enabled and makes no platform-wide configuration changes. It writes only to a per-user data directory and spawns a local Chrome process; it does not request elevated system privileges.