Browser Search
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: browser-search Version: 1.0.7 The browser-search skill bundle is a legitimate tool for automating web searches via Playwright. The code in browser-search.py implements explicit security controls, such as validating that output files are restricted to the user's home directory and avoiding dangerous functions like eval or exec. No evidence of data exfiltration, malicious persistence, or prompt injection was found across the script or documentation.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Search terms may be sent to Bing, Google, Baidu, or DuckDuckGo through the automated browser.
The skill controls a local browser and visits search-engine URLs. This is central to the stated browser-search purpose, but users should understand that queries leave the local machine.
browser = p.chromium.launch(headless=True) ... page.goto(search_url, wait_until="domcontentloaded", timeout=DEFAULT_TIMEOUT)
Use it for searches you are comfortable sending to public search engines, and avoid placing secrets or private data in search queries.
Installing the skill may bring in Playwright and a Chromium browser dependency, which should come from trusted sources.
The dependency is declared with a lower-bound version rather than a pinned exact version. Playwright is expected for browser automation, but unpinned dependencies can resolve to future versions.
playwright>=1.58.0
Install dependencies from trusted package indexes and consider pinning exact versions if reproducibility is important.