Back to skill
Skillv1.0.0
VirusTotal security
Chrome Automation · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 5:10 AM
- Hash
- da34deb4b9df80c0c0cec51ab1cd8032fa94afe39aa14ca5eb244dc7200c5262
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: chrome-automation Version: 1.0.0 The skill is classified as suspicious primarily due to the use of the `--no-sandbox` flag when launching Google Chrome in both the `SKILL.md` instructions and the `scripts/playwright_stealth.py` script. While often necessary for headless browser environments on servers, this flag significantly reduces the security posture by disabling Chrome's sandboxing, making the system more vulnerable to potential browser exploits. There is no evidence of intentional malicious behavior such as data exfiltration, unauthorized remote control, or persistence mechanisms. The `add_init_script` in `playwright_stealth.py` is for anti-bot detection, not malicious client-side attacks. The `sudo` commands in `SKILL.md` are for legitimate package installations.
- External report
- View on VirusTotal