Skill v1.0.1

ClawScan security

Gemini Browser Image · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 29, 2026, 1:55 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's instructions match its stated purpose (automating a local Chrome session to drive Gemini's web UI and download images) but there are minor omissions and operational risks you should understand before enabling it.
Guidance
What to consider before installing or running this skill:
- Trust boundary: This skill automates your local Chrome profile via the remote debugging port and requires access to your Downloads folder. Only run it on a machine and profile you control and trust.
- Use a dedicated Chrome profile: Create a separate Chrome user-data-dir that is logged into Gemini with a non-primary account, so the agent cannot reach the cookies, saved passwords, and other data in your main profile.
- Validate mcporter/chrome-devtools-mcp: The skill instructs you to run 'chrome-devtools-mcp' and use 'mcporter'. Install those tools from trusted sources and review their code and permissions; they can fully control your browser.
- Inspect commands before execution: The SKILL.md allows commands such as evaluate_script. Make sure the agent or operator does not execute scripts you have not reviewed.
- Local vs. remote agent: If the agent runs remotely (for example, on a server you do not control), the skill's file-access steps could expose downloaded images or drive a browser profile on that host rather than yours.
- Manifest completeness: The skill's manifest does not declare its required tools (Chrome, mcporter, chrome-devtools-mcp). Confirm the installation prerequisites manually before use.
If you are comfortable with those operational requirements and run the skill in an isolated, trusted environment (dedicated Chrome profile, local-only agent), the skill appears coherent with its stated purpose. If not, do not enable it, or require additional safeguards (profile isolation, permission checks, manual approval for script evaluation).
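To make the profile-isolation and remote-debugging guidance concrete, the following is an added example in Python; it is not part of the scan report, the skill, or the mcporter/chrome-devtools-mcp projects. It builds the Chrome command line for a dedicated user-data-dir with the DevTools port left on loopback, refuses Chrome's default profile locations, and classifies the page targets the DevTools HTTP endpoint exposes so the operator can confirm the session contains only Gemini tabs before the agent connects. The Chrome path, the profile directory, port 9222, and the sample target list are assumptions constructed for illustration; the /json endpoint and the command-line switches are standard Chromium.

```python
"""Pre-flight checks before letting an agent drive Chrome over the DevTools
remote-debugging port. Added example, not the scan report's or the skill's own
code. Paths, port and SAMPLE_TARGETS below are constructed for illustration."""
import json
import subprocess
import urllib.request
from urllib.parse import urlsplit

# Chrome's default user-data-dir locations (normalised, lower-case, forward slashes).
DEFAULT_PROFILE_SUFFIXES = (
    "google/chrome/user data",                    # Windows: %LOCALAPPDATA%\Google\Chrome\User Data
    ".config/google-chrome",                      # Linux
    "library/application support/google/chrome",  # macOS
)


def is_default_profile_dir(user_data_dir: str) -> bool:
    """Heuristic: does the path look like Chrome's default profile directory?
    Automating the default profile exposes the user's real cookies and saved
    passwords, which is exactly what the guidance above says to avoid."""
    norm = user_data_dir.replace("\\", "/").rstrip("/").lower()
    return any(norm.endswith(suffix) for suffix in DEFAULT_PROFILE_SUFFIXES)


def build_chrome_args(chrome_path: str, user_data_dir: str, port: int) -> list[str]:
    """Command line for a dedicated profile with DevTools reachable on loopback only.
    --remote-debugging-port binds to 127.0.0.1 by default; never add
    --remote-debugging-address, which would expose the unauthenticated protocol
    to the network."""
    if is_default_profile_dir(user_data_dir):
        raise ValueError(f"refusing to automate the default Chrome profile: {user_data_dir}")
    return [
        chrome_path,
        f"--user-data-dir={user_data_dir}",
        f"--remote-debugging-port={port}",
        "--no-first-run",
        "--no-default-browser-check",
    ]


def launch_chrome(chrome_path: str, user_data_dir: str, port: int) -> subprocess.Popen:
    """Start Chrome with the isolated profile (assumed chrome_path)."""
    return subprocess.Popen(build_chrome_args(chrome_path, user_data_dir, port))


def is_allowed_host(url: str, allowed_hosts) -> bool:
    """True only for http(s) URLs whose host is an allowed host or a subdomain
    of one. chrome://, about: and look-alike domains are never in scope."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    host = parts.hostname.lower()
    return any(host == h or host.endswith("." + h) for h in allowed_hosts)


def classify_targets(targets, allowed_hosts):
    """Split DevTools 'page' targets into in-scope and out-of-scope lists.
    Any out-of-scope page means the profile is not as isolated as intended
    (for example, a mail tab from the operator's real account)."""
    in_scope, out_of_scope = [], []
    for target in targets:
        if target.get("type") != "page":
            continue  # service workers, iframes etc. are not user tabs
        bucket = in_scope if is_allowed_host(target.get("url", ""), allowed_hosts) else out_of_scope
        bucket.append(target)
    return in_scope, out_of_scope


def fetch_targets(port: int):
    """Live query of the DevTools HTTP endpoint on loopback (GET /json)."""
    with urllib.request.urlopen(f"http://127.0.0.1:{port}/json", timeout=5) as resp:
        return json.load(resp)


# Constructed sample of what GET /json returns. The mail tab is included to
# show what an out-of-scope finding looks like.
SAMPLE_TARGETS = [
    {"id": "1", "type": "page", "title": "Gemini", "url": "https://gemini.google.com/app"},
    {"id": "2", "type": "page", "title": "Inbox", "url": "https://mail.google.com/mail/u/0/"},
    {"id": "3", "type": "page", "title": "New Tab", "url": "chrome://newtab/"},
    {"id": "4", "type": "service_worker", "title": "sw", "url": "https://gemini.google.com/sw.js"},
]

if __name__ == "__main__":
    # Assumed values; replace with the real Chrome path and a dedicated profile dir.
    print(" ".join(build_chrome_args("chrome.exe", "C:/profiles/gemini-bot", 9222)))
    ok, bad = classify_targets(SAMPLE_TARGETS, ("gemini.google.com",))
    print("in scope:", [t["url"] for t in ok])
    print("OUT OF SCOPE (do not connect the agent):", [t["url"] for t in bad])
```

Run the classification against `fetch_targets(9222)` once the isolated Chrome is up; if the out-of-scope list is non-empty, close those tabs or fix the profile before pointing mcporter/chrome-devtools-mcp at the port.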
Findings
[no_regex_findings] expected: The static regex scanner found nothing to analyze; this is expected because the skill is instruction-only (no code files). The absence of findings does not imply safety — review the SKILL.md instructions for operational risks.

Review Dimensions

Purpose & Capability
[note] The skill claims to automate Gemini in the user's Chrome session and the SKILL.md describes browser automation via mcporter / chrome-devtools-mcp and reading the Downloads folder — this is coherent with the stated purpose. However, the registry metadata did not declare required binaries or tools (mcporter, chrome-devtools-mcp, Chrome with remote debugging), an omission that leaves the manifest incomplete.
Instruction Scope
[note] The runtime instructions are explicit and constrained to: connect to an existing Chrome remote-debugging session, navigate to gemini.google.com, fill prompts, trigger generation, and copy the downloaded image from the user's Downloads folder. The SKILL.md also explicitly forbids reading or exfiltrating cookies/profile data and forbids bypassing logins/CAPTCHAs. Still, the instructions ask the agent to access local browser state (user-data-dir, Downloads) and to execute arbitrary mcporter commands (including evaluate_script), which grants broad local control and should be limited to trusted environments.
Install Mechanism
[ok] This is an instruction-only skill with no install spec or bundled code; nothing will be written or executed by an installer. That reduces supply-chain risk. The skill does rely on external tools (mcporter, chrome-devtools-mcp) being installed and run separately.
Credentials
[note] The manifest declares no required env vars or credentials, which aligns with 'use the user's own browser session'. However, the instructions reference $env:USERPROFILE and require read access to the browser Downloads folder and the ability to start Chrome with a user-data-dir. This is a meaningful local privilege (access to files and control of a browser profile): appropriate for the stated task, but potentially sensitive if the agent runs on a shared or remote host.
Persistence & Privilege
[ok] The skill is not marked always:true and does not request persistent platform privileges or changes to other skills. Autonomous invocation defaults are unchanged. There is no install-time behavior that modifies other skills or global agent config.