v1.0.0

Chrome Remote Browser Guide

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 8:30 AM.

Analysis

This guide is coherent for browser automation, but it gives an agent broad control over logged-in Chrome sessions and encourages page captures that may expose private information.

Guidance: Install or invoke this only if you intentionally want an agent to control a Chrome session. Use a separate browser profile, keep sensitive accounts logged out, limit the task to specific sites, and require confirmation before any account-changing action or screenshot of private information.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High, Confidence: High, Status: Concern
SKILL.md
external tools can: Open/close tabs; Navigate to URLs; Read page content; Take screenshots; Click buttons, fill forms, scroll; Execute JavaScript

The artifact documents broad browser-control operations that can affect arbitrary webpages, but the provided instructions do not clearly limit domains, actions, or require confirmation for high-impact changes.

User impact: A mistaken or overbroad agent action could submit forms, change account data, or interact with sensitive sites in the user's browser.
Recommendation: Require explicit user confirmation before submitting forms, changing settings, purchasing, deleting, posting, or performing admin actions, and restrict use to approved domains.

Unexpected Code Execution
Severity: Medium, Confidence: High, Status: Note
SKILL.md
`execute_js` — Run JavaScript... Execute arbitrary JavaScript in the page context. Extremely powerful

Arbitrary page-context JavaScript execution is disclosed and aligned with browser automation, but it is a powerful escape-hatch capability that can read or modify page state.

User impact: A poorly scoped script could expose page data, trigger unintended page behavior, or modify a logged-in session.
Recommendation: Prefer read-only scripts, review any JavaScript before running it, and require confirmation for scripts that mutate state or access sensitive page data.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High, Confidence: High, Status: Concern
SKILL.md
This enables interaction with authenticated sessions (Google, GitHub, dashboards, etc.) without needing separate login credentials.

The skill instructs agents to use the user's already logged-in browser sessions, granting delegated access to accounts without a scoped credential boundary.

User impact: An agent could read or act inside logged-in accounts as the user, including sensitive dashboards or developer accounts.
Recommendation: Use only with explicit task and site approval, preferably in a dedicated Chrome profile with minimal logged-in accounts and no sensitive admin sessions.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: High, Confidence: Medium, Status: Concern
SKILL.md
Always take a screenshot and/or snapshot before and after every action... Returns: A CDN URL of the screenshot image

The guide encourages frequent capture of authenticated pages, and the screenshot output is described as a CDN URL, creating an unclear external data boundary for potentially private page contents.

User impact: Screenshots or page snapshots could include private account information and may be stored or shared outside the local browser context.
Recommendation: Avoid using this workflow on sensitive pages unless captures are local-only or redacted, and get user approval before taking or sharing screenshots of authenticated content.