Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Browser Ops V2
v2.9.0搜索+API+ 抓取 + 反爬统一入口。API 优先 (AKShare/新浪)/搜索引擎 API/网页抓取/爬虫/反爬。搜索 抓取 爬取 获取网页 打开网站 查股价 行情 热榜 热门 网站打不开 被拦截 截图 下载网页 批量查询。scrape crawl fetch browse screenshot cooki...
⭐ 0· 45·0 current·0 all-time
by_silhouette@lanyasheng
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description (browser ops, scraping, anti-bot bypass) align with the included instructions and code: opencli, agent-browser, Stagehand, Zendriver/Camoufox, proxy usage and cookie syncing are expected for this functionality. Minor incoherence: SKILL metadata declares no required env vars/credentials but the documentation and examples explicitly require LLM API keys (Anthropic/OpenAI/Gemini) for Stagehand and may require proxy credentials when using residential proxies.
Instruction Scope
SKILL.md and scripts instruct the agent/user to read and write a unified cookie file (~/.browser-ops/cookie-store/unified-state.json), import/export that file into various browser tools, and install/run third-party tooling and extensions. Those operations are within the stated purpose (reusing login/session state) but are sensitive: they cause persistent local storage of session tokens and give the skill (and the user-run tooling it tells the agent to execute) broad access to authenticated sessions for many domains.
Install Mechanism
There is no automated install spec in the registry (instruction-only skill), but SKILL.md directs global npm/pip installs and downloading a Chrome extension from GitHub Releases. These are common for this use-case but are moderate-risk steps: they install third-party packages and browser extensions that should be validated (source, checksums, reputation) before running.
Credentials
The registry lists no required environment variables, yet the docs/examples reference HOME paths, an example AGENT_BROWSER_ENCRYPTION_KEY, and explicit LLM API keys (Anthropic/OpenAI/Gemini) for Stagehand and optional proxy credentials. The most important proportionality issue is the unified cookie file: it contains session cookies (sensitive secrets) for many domains but the skill does not surface that it will persist them. Expect to provide API keys or proxy credentials for some modes — these are optional but highly privileged when used.
Persistence & Privilege
The skill persists state to ~/.browser-ops (cookie-store, profiles, stagehand-cache), uses global npm installs and suggests installing a Chrome extension, and provides scripts to export/import cookies across tools. Persistence is necessary for the stated features, but it is a privileged capability (long-lived session tokens on disk, tooling installed globally). always:false and autonomous invocation are normal; however the persistent cookie store centralizes sensitive credentials and increases attack surface if not protected.
What to consider before installing
This skill appears to do what it says (search, fetch, browse, screenshot, anti-bot bypass), but it centralizes and persists session cookies and encourages installing third-party tooling and a Chrome extension. Before installing or running it:
- Understand that ~/.browser-ops/cookie-store/unified-state.json will contain cookies/session tokens for sites you log into; treat it like a secrets file (restrict filesystem permissions, consider encrypting or not using unified storage).
- Audit the packages and extension the instructions tell you to install (npm packages, pip packages, GitHub release zip) and prefer installing in an isolated environment or VM first. Verify publisher reputations and checksums.
- Be cautious about using residential proxy providers and anti-detection tools—these enable evading protections and may have legal/ethical implications in your jurisdiction or against target site terms of service.
- The skill docs reference LLM API keys (Anthropic/OpenAI/Gemini) but the skill metadata doesn't declare required credentials; only supply keys when you trust and understand the code paths that use them.
- If you proceed, run the scripts locally in a sandbox, inspect scripts like scripts/sync-cookies.sh, and consider avoiding global installs or using virtual environments. If you need a safer baseline: disable unified cookie persistence, or limit it to a single, throwaway profile.Like a lobster shell, security has layers — review code before you run it.
latestvk975k1ahd7dbpvn9q923mw49n58435yp
License
MIT-0
Free to use, modify, and redistribute. No attribution required.