Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
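Browser Agent - Chrome CDP Automation
v1.0.0
Controls the browser directly through the Chrome DevTools Protocol, enabling reuse of logged-in sessions and automation across multiple scenarios; supports Windows and OpenClaw integration.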
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the included Python scripts and docs: the package implements a CDP WebSocket client, session keep‑alive, and actions (navigate, click, type, screenshot). No unrelated credentials, binaries, or exotic installs are requested.
Instruction Scope
SKILL.md and scripts instruct connecting to a local Chrome CDP endpoint, reusing user profiles (--user-data-dir) and bypassing Chrome's WebSocket origin checks (--remote-allow-origins=*). These instructions are coherent with the stated goal (session reuse, automation) but intentionally weaken browser-origin protections and enable the skill to access cookies, logged‑in sessions, and any page DOM/Network data.
Install Mechanism
No automated install spec; scripts are included and dependencies are listed in scripts/requirements.txt (websocket-client, requests). There are no downloads from third‑party URLs or archive extraction steps. Minor oddity: an npm package.json lists Python deps, but this is a packaging inconsistency rather than a direct install risk.
Credentials
The skill requests no environment variables, which is proportional. However, its intended operation requires access to the user's browser profile and a running Chrome with remote debugging enabled—this grants access to sensitive session state (cookies, auth tokens). That access is necessary for the skill's features but is high‑privilege and sensitive.
Persistence & Privilege
always is false and the skill does not request system-wide persistence. It does implement session keep‑alive threads while running. Be aware that autonomous invocation (the default) would allow the agent to open and control the local browser session without additional prompts if invoked.
Assessment
This skill appears to do what it claims (control Chrome via CDP) but it operates with sensitive privileges: it can read and act using your browser's logged‑in sessions and it suggests using --remote-allow-origins=* (which weakens WebSocket origin checks). Before installing or running:
- Only run it on a machine you trust and preferably in an isolated profile/VM/container. Use a dedicated Chrome user-data-dir (not your main profile) to avoid exposing personal cookies/tokens.
- Avoid enabling --remote-allow-origins=* on machines exposed to other networks; prefer binding CDP to localhost and firewalling the port. Follow the SKILL.md warning to not expose the CDP port to the internet.
- Review any custom automation scripts you pass via --script; they can execute arbitrary CDP/JS against pages and could exfiltrate data.
- Install Python deps in a virtualenv and inspect the two Python scripts (they are included) before running. The package.json vs Python packaging mismatch is harmless but indicates the author bundled files manually—verify origin and author trust.
- If you want stricter guarantees, run the skill in a disposable environment, or decline installing if you cannot isolate browser profile access.
If you want, I can extract and summarize the exact code paths that access page content, cookies, or network responses so you can audit them more precisely.
Like a lobster shell, security has layers — review code before you run it.
Tags: automation, browser, cdp, latest
