Skillv1.0.0

ClawScan security

Browser Extension Enabler · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewMar 1, 2026, 5:09 PM

Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary: The skill's stated purpose (automatically clicking a Chrome extension icon) matches the instructions, but there are important inconsistencies and missing artifacts (notably the referenced PowerShell script is not included) and the skill asks the agent to perform real mouse clicks, so you should inspect the actual script and test carefully before installing.
Guidance: This skill will move your real mouse and click things — do not install or run it blindly. Before installing or allowing autonomous runs: 1) verify the package actually contains scripts/enable-browser-extension.ps1 and inspect its full contents to confirm it only performs the described clicks and no other I/O or network activity; 2) confirm win-mouse-native is a known/trusted skill; 3) test in TestMode on a non-critical system and with Chrome visible, and calibrate coordinates carefully; 4) avoid running while doing important work (mouse control will interfere); 5) ask the publisher for the missing script if it is not present — the current bundle is incomplete, which is an installation/packaging red flag. If you cannot review the script, treat the skill as unsafe.
Findings: [no-code-to-scan] unexpected: The regex scanner had no code files to analyze. SKILL.md and PUBLISH.md reference scripts that are missing from the package — because the actual script content is absent, there were no code-based findings to report; this absence itself is a concern.

Review Dimensions

Purpose & Capability: noteThe name and description (enable a browser extension by moving/clicking the mouse) align with the instructions to use a mouse-control skill (win-mouse-native) and a PowerShell helper. However the package as provided does not include the referenced scripts (SKILL.md and PUBLISH.md reference scripts/enable-browser-extension.ps1), and registry metadata presented earlier omitted required bins while _meta.json lists powershell — this mismatch is an incoherence that should be resolved before trusting the skill.
Instruction Scope: concernThe runtime instructions tell the agent to run a local PowerShell script via exec (running powershell -File "$env:USERPROFILE\.openclaw\workspace\skills\browser-extension-enabler\scripts\enable-browser-extension.ps1"). That script is not present in the provided bundle, so we cannot verify what commands it executes. The SKILL.md also instructs direct mouse movement and clicks (via win-mouse-native), which will control the real mouse and may click arbitrary UI if coordinates or context are wrong. The instructions also allow autonomous agent invocation when a disconnected state is detected, increasing the risk if the script does more than indicated.
Install Mechanism: noteThis is an instruction-only skill with no install spec (low surface area). PUBLISH.md and SKILL.md expect a scripts directory and an included PowerShell script, but that file is absent from the bundle. Because no code was present for the scanner to analyze, we cannot confirm the script’s behavior — this missing artifact is the primary install/packaging concern.
Credentials: noteThe skill does not request secrets or external credentials and only references standard environment paths (e.g., $env:USERPROFILE) and the workspace location. That is proportionate for a local automation task. Still, the exec path runs a PowerShell file from the user's workspace; without the script content you cannot verify it won't read other files or exfiltrate data.
Persistence & Privilege: notealways is false (good) and the skill is user-invocable. Autonomous invocation is allowed (platform default). Combined with real-mouse control this increases the potential for unintended UI actions if the skill is invoked at the wrong time, but there is no evidence the skill requests elevated persistent privileges or modifies other skills.