Ubuntu Browser Session
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is coherent for browser-session reuse, but it needs review because it preserves logged-in accounts and documents a LAN noVNC path that could expose a live authenticated browser if reachable.
Review this before installing if the Ubuntu host is on any shared or untrusted network. It is designed to keep and reuse real login sessions, so restrict stored profiles, keep noVNC/CDP local or tunneled, firewall the ports, and approve any LAN exposure or account-changing actions explicitly.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Another machine that can reach the exposed noVNC port could view or control the browser, including sites where the user is already logged in.
The documented fallback starts a no-password VNC server and exposes the noVNC/websockify bridge on all interfaces; if reachable, this can provide remote control of the live browser session.
x11vnc -display :77 -forever -shared -rfbport 5900 -localhost -nopw
websockify --web=/usr/share/novnc 0.0.0.0:6080 localhost:5900
Bind noVNC to localhost by default, use SSH tunneling, add VNC/noVNC authentication and firewall restrictions, and require explicit user approval before exposing any LAN URL.
Installing and using the skill can let the agent reopen protected sites as the saved user identity without a fresh login prompt.
The skill intentionally persists and reuses authenticated browser profiles for sites, which is purpose-aligned but grants the agent continuing access to logged-in accounts.
- each important site keeps one default primary identity
- agent tasks reuse that default identity automatically
...
- `~/.agent-browser/index/site-sessions.json`
- `~/.agent-browser/sessions/...`
Use it only for accounts you want the agent to access, keep separate session keys for different identities, confirm sensitive account changes manually, and periodically review or remove stored profiles under `~/.agent-browser`.
A mistaken or overly broad command could read protected page content or interact with the page in the logged-in browser context.
The helper can evaluate JavaScript in the controlled browser page via CDP; this is expected for browser automation but should be limited to trusted, task-relevant actions.
"method": "Runtime.evaluate",
"params": {
    "expression": expression,
    "returnByValue": True
}
Avoid running untrusted JavaScript, keep CDP access bound to localhost, and require user confirmation before using evaluated scripts to submit forms, change settings, or perform account actions.
