Back to skill
Skillv1.0.3
VirusTotal security
Ubuntu Browser Session · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:11 AM
- Hash
- fff63b3f5936f229c933cfc980d5b3ddffb08526b2c109cfe678605958025caf
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: ubuntu-browser-session Version: 1.0.3 The skill bundle implements a persistent browser automation framework using Chrome, Xvfb, and noVNC. It is classified as suspicious because scripts/assisted-session.sh and scripts/browser-runtime.sh configure x11vnc with the '-nopw' (no password) flag and bind websockify to '0.0.0.0', effectively exposing an unauthenticated remote GUI session to the network. While this is documented as a 'manual login recovery' feature, the implementation lacks any authentication or encryption for the VNC/noVNC streams, creating a significant risk of unauthorized remote access and session hijacking if the host firewall is not strictly configured.
- External report
- View on VirusTotal