Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

AI Browser WebSocket Control

v1.0.0

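Control a real browser over WebSocket for full automation: navigation, clicking, typing, screenshots, DOM retrieval, and more. Features: a real browser engine (Chromium), real-time WebSocket control, headless and headed modes, and automatic reconnection.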

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
! Purpose & Capability
The package and SKILL.md match the stated purpose: a Puppeteer-based WebSocket browser controller that downloads Chromium. However, quick-control.js contains hardcoded behavior that connects to a local debug port and automatically navigates to a specific site (https://fanqie.baidu.com/writer). That file is unexpected in a general-purpose browser-control skill and could be used to perform site-specific actions without explicit user intent.
! Instruction Scope
SKILL.md instructs running an npm service providing ws://localhost:18790 that accepts JSON actions (navigate, screenshot, evaluate, etc.). The server implements an 'evaluate' action that runs arbitrary JS in page context and returns DOM/inputs/screenshots. There is no authentication or authorization in the code, and the server listens on a port with no access control — meaning any client that can reach the port can read page content, screenshots, and execute scripts (high risk for credential or data leakage).
Install Mechanism
There is no custom download URL; dependencies are standard npm packages (puppeteer, ws). Puppeteer will download a Chromium binary during install/start (noted in SKILL.md). This is expected for functionality and does not use arbitrary external URLs or archive extraction beyond Puppeteer's normal behavior.
Credentials
The skill declares no required env vars aside from optional AI_BROWSER_PORT to change the listening port. That is proportionate. However, the server launches Chrome with a remote-debugging port (9222) and quick-control.js connects to that port — exposing another local interface that could be abused if reachable. No credentials are requested, but the code can capture sensitive page content without needing explicit secrets.
! Persistence & Privilege
always:false (good), but the skill is invocable by the model and exposes powerful capabilities (DOM extraction, screenshots, arbitrary JS) via an unauthenticated socket. Autonomous agent invocation plus an unauthenticated control channel increases the blast radius: an agent or any local process could access and exfiltrate sensitive info. The skill itself does not persist beyond running the node process.
What to consider before installing
This skill does implement a local WebSocket-controlled browser, but it currently runs an unauthenticated server that can execute arbitrary JS in pages, capture screenshots, and read form inputs — all of which can leak sensitive data (cookies, tokens, private pages). Also review quick-control.js: it automatically connects to a local Chrome debug port and navigates to a specific site, which is unexpected for a general utility. Before installing or running:
1) audit the code and remove or inspect quick-control.js if you don't want site-specific automation;
2) run the service in an isolated environment (VM/container) until you're comfortable;
3) bind the WebSocket server to 127.0.0.1 only (or require a secret token) and do not expose it to networks;
4) avoid forwarding or exposing the Chromium remote-debugging port (9222) to untrusted networks;
5) if you must use it in production, add authentication/authorization and TLS for clients, and set headless:true for unattended runs.
If you cannot audit/mitigate these issues, treat the skill as risky and avoid running it on machines containing sensitive data.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🌐 Clawdis
OS: Linux · macOS · Windows