Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
ko-browser
v0.1.1
Browser automation CLI for AI agents, written in Go. Use when the user needs to interact with websites, including navigating pages, filling forms, clicking b...
by @libi
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name and description (browser automation) match the SKILL.md: all instructions, commands, and workflows are consistent with a CLI that drives Chrome/Chromium via CDP.
Instruction Scope
Instructions include legitimate browser automation operations (open, snapshot, fill, click) and expected features (profiles, session names, state export/import, auth vault). However the SKILL.md explicitly instructs storing credentials (kbr auth save ...) and exporting/importing session state files (auth.json), which can contain sensitive tokens/credentials — this is expected for such a tool but expands what will be read/written and could be misused if the source is untrusted.
Install Mechanism
No install spec is provided in the registry; instead the instructions ask the user/agent to run 'go install github.com/libi/ko-browser/cmd/kbr@latest' or git clone and build from GitHub. Building and installing arbitrary code from an external repo is a moderate-to-high risk action (it executes third-party code locally). The doc also instructs placing binaries in system paths (/usr/local/bin) and auto-installing Chrome via package managers, which may require elevated privileges.
Credentials
The skill declares no required environment variables or credentials (consistent). Still, the runtime instructions rely on local file paths for profiles and state export/import and offer an 'auth vault' that will store usernames/passwords — these are proportional to browser automation but increase the scope of sensitive data the tool will handle.
Persistence & Privilege
The skill is not always-enabled and does not request agent-level persistence. The referenced 'background daemon' is part of the external kbr binary; the skill itself does not mutate other skills or agent configuration.
What to consider before installing
This SKILL.md describes a legitimate browser-automation CLI, but it expects you to fetch and install third-party code (go install or git clone/build) and to store session/auth data locally. Before installing or running any of these commands: (1) verify the upstream repository (github.com/libi/ko-browser) and review its source or release artifacts; (2) prefer installing from a vetted release or building the code yourself in an isolated environment; (3) avoid exporting or sharing auth/state JSON files and don't store plaintext credentials unless you trust the tool and host; (4) be cautious when running commands that move binaries into system paths or invoke package managers with sudo; and (5) if you cannot audit the code, consider running the tool inside a disposable VM or container to limit potential harm.
Like a lobster shell, security has layers — review code before you run it.
