Lightpanda browser

Security checks across malware telemetry and agentic risk

Overview

This is a coherent headless-browser skill, but users should note that it installs a mutable nightly executable and exposes a local CDP automation endpoint.

This skill appears reasonable if you want a lightweight headless browser. Before installing, make sure you trust the Lightpanda nightly release channel, understand that the installer downloads and runs a local executable, and keep the CDP server bound to localhost and closed when not in use.

VirusTotal

64/64 vendors flagged this skill as clean.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI04: Agentic Supply Chain Vulnerabilities
Medium
What this means

Installing or updating later may give you a different Lightpanda binary than the one originally reviewed.

Why it was flagged

The installer uses a mutable nightly release and fetches the expected checksum from the same release metadata. This is disclosed and purpose-aligned, but less reproducible than a pinned versioned binary.

Skill content
DOWNLOAD_URL="https://github.com/lightpanda-io/browser/releases/download/nightly/lightpanda-x86_64-linux" ... EXPECTED_DIGEST=$(curl -sL "https://api.github.com/repos/lightpanda-io/browser/releases/tags/nightly"
Recommendation

Install only if you trust the Lightpanda GitHub release channel; for higher assurance, prefer a pinned release and independently verified checksum.

ASI05: Unexpected Code Execution
Low
What this means

Running the installer executes a downloaded browser binary under your user account.

Why it was flagged

The user-directed installer downloads an executable browser binary, marks it executable, and runs it to test installation. This is expected for installing a browser, but it is still local code execution from an external source.

Skill content
curl -L -o "$INSTALL_DIR/$BINARY_NAME" "$DOWNLOAD_URL" ... chmod a+x "$INSTALL_DIR/$BINARY_NAME" ... "$INSTALL_DIR/$BINARY_NAME" --version
Recommendation

Run the install script deliberately, review the install location, and avoid rerunning updates unless you intend to accept the current nightly build.

ASI02: Tool Misuse and Exploitation
Low
What this means

Local automation scripts connected to the CDP port can control the browser session.

Why it was flagged

The skill exposes a localhost browser automation endpoint that can run JavaScript and navigate websites. This is central to the stated purpose, but broad automation endpoints should be kept local and used intentionally.

Skill content
You can connect directly to the CDP websocket via `ws://127.0.0.1:9222` ... Send CDP commands directly or use Playwright or Puppeteer. ... Lightpanda executes JavaScript
Recommendation

Keep the server bound to 127.0.0.1, close it when finished, and use trusted Playwright/Puppeteer/CDP scripts.