Back to skill
Skillv1.0.2
VirusTotal security
Agent Browser Stealth · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:28 AM
- Hash
- f5b6ac602c1bbde429021b0a85737ea021cbe4b039121ffc6ed51ea224285720
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: agent-browser-stealth Version: 1.0.2 The skill instructs the AI agent to install a global `pnpm` package (`agent-browser-stealth`) and execute commands from it, as detailed in `SKILL.md`. This introduces a significant supply chain vulnerability, as a compromised external package could lead to arbitrary code execution on the host system. While the skill's stated purpose is benign browser automation, the reliance on and installation of external, globally-scoped software represents a high-risk capability. The skill also guides the agent to handle sensitive data like `$USERNAME` and `$PASSWORD` for login flows, further increasing the risk profile, though this is within its stated purpose. No direct malicious prompt injection attempts or explicit data exfiltration instructions were found.
- External report
- View on VirusTotal