Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Lightpanda browser
v1.0.3
Lightpanda browser, drop-in replacement for Chrome and OpenClaw default browser - faster and lighter for tasks without graphical rendering like data retrieval. Use it with CDP clients like Playwright or Puppeteer.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name and description (headless CDP browser for data extraction) match the included SKILL.md and the install script which downloads a Lightpanda binary and instructs how to run a CDP server. There are no environment variables or credentials requested that would be unrelated to a browser.
Instruction Scope
SKILL.md stays on-topic: it tells the agent how to install, start, and connect to a local CDP endpoint and how to use Playwright/Puppeteer. It does not instruct reading unrelated files, exfiltrating data, or contacting unexpected external endpoints beyond GitHub (for install/checksum) and web targets that the user browses.
Install Mechanism
Install script downloads a nightly binary directly from GitHub releases (well-known host) to $HOME/.local/bin and verifies a SHA256 digest fetched from the GitHub releases API. This is a reasonable, common pattern, but downloading and executing an unvetted nightly binary carries inherent risk. The script's reliance on an asset '.digest' field may be fragile (if absent, install aborts). Requires curl, jq, and sha256sum/shasum.
Credentials
No credentials or sensitive environment variables are requested. The only optional env observed is LIGHTPANDA_DIR to override the install directory — appropriate for an installer. The runtime uses a localhost port for CDP; no external auth or tokens are required by the skill itself.
Persistence & Privilege
Skill is instruction-only (plus an install script) and does not request 'always: true'. It installs a user-local binary (no system-wide privilege escalation) and does not modify other skills or global agent settings.
Assessment
The skill appears coherent with its stated purpose, but before installing consider:
(1) The installer fetches and executes a nightly binary from GitHub releases — nightly builds are unvetted and could contain bugs or malicious changes. Only proceed if you trust the lightpanda-io project; review the upstream GitHub repository and recent release notes/commit history.
(2) The script verifies a SHA256 digest obtained from the GitHub API; verify the repository and asset yourself if possible.
(3) The binary runs as your user and exposes a CDP server on localhost (ws://127.0.0.1:9222) — be careful not to bind it to public interfaces and limit access to trusted processes.
(4) The install requires curl, jq, and sha256sum/shasum; the digest lookup may fail if the release asset lacks the expected 'digest' field.
If you want extra safety, run Lightpanda inside a container or isolated VM, or prefer official/stable builds instead of nightly binaries. Also note a minor metadata inconsistency: registry metadata listed no source/homepage, but SKILL.md points to a GitHub repo — confirm the canonical upstream project before installing.
Like a lobster shell, security has layers — review code before you run it.
