v1.0.3

Lightpanda browser

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:24 AM.

Analysis

This is a coherent headless-browser skill, but users should note that it installs a mutable nightly executable and exposes a local CDP automation endpoint.

Guidance: This skill appears reasonable if you want a lightweight headless browser. Before installing, make sure you trust the Lightpanda nightly release channel, understand that the installer downloads and runs a local executable, and keep the CDP server bound to localhost and closed when not in use.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Medium; Confidence: High; Status: Note
scripts/install.sh
DOWNLOAD_URL="https://github.com/lightpanda-io/browser/releases/download/nightly/lightpanda-x86_64-linux" ... EXPECTED_DIGEST=$(curl -sL "https://api.github.com/repos/lightpanda-io/browser/releases/tags/nightly"

The installer uses a mutable nightly release and fetches the expected checksum from the same release metadata. This is disclosed and purpose-aligned, but less reproducible than a pinned versioned binary.

User impact: Installing or updating later may give you a different Lightpanda binary than the one originally reviewed.
Recommendation: Install only if you trust the Lightpanda GitHub release channel; for higher assurance, prefer a pinned release and an independently verified checksum.

Unexpected Code Execution
Severity: Low; Confidence: High; Status: Note
scripts/install.sh
curl -L -o "$INSTALL_DIR/$BINARY_NAME" "$DOWNLOAD_URL" ... chmod a+x "$INSTALL_DIR/$BINARY_NAME" ... "$INSTALL_DIR/$BINARY_NAME" --version

The user-directed installer downloads an executable browser binary, marks it executable, and runs it to test installation. This is expected for installing a browser, but it is still local code execution from an external source.

User impact: Running the installer executes a downloaded browser binary under your user account.
Recommendation: Run the install script deliberately, review the install location, and avoid rerunning updates unless you intend to accept the current nightly build.

Tool Misuse and Exploitation
Severity: Low; Confidence: High; Status: Note
SKILL.md
You can connect directly to the CDP websocket via `ws://127.0.0.1:9222` ... Send CDP commands directly or use Playwright or Puppeteer. ... Lightpanda executes JavaScript

The skill exposes a localhost browser automation endpoint that can run JavaScript and navigate websites. This is central to the stated purpose, but broad automation endpoints should be kept local and used intentionally.

User impact: Local automation scripts connected to the CDP port can control the browser session.
Recommendation: Keep the server bound to 127.0.0.1, close it when finished, and use only trusted Playwright/Puppeteer/CDP scripts.