Auto Free Banana
Verdict: Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: auto-free-banana
Version: 1.0.0

The skill automates Google Flow image generation via Chrome DevTools Protocol (CDP) but contains significant security risks. It contains a shell injection vulnerability in `scripts/flow-webapi/utils/paths.ts`, where `execSync` is called on unsanitized environment variables. Additionally, it performs high-risk credential handling by launching Chrome with remote debugging enabled, scraping OAuth tokens (ya29.*) from the browser session, and storing them in a local `cookies.json` file. While these behaviors appear aligned with the stated purpose of UI automation, the lack of input sanitization and the handling of sensitive session data meet the threshold for a suspicious classification.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can reuse your Google Flow login, and anyone or anything that can read the cookie file may be able to reuse that session material.
The skill writes Google Flow OAuth access tokens and cookies to a local JSON file. This is related to the stated Flow integration, but it is high-impact account/session material and the registry metadata declares no primary credential.
`accessToken: string; cookies: CookieMap; ... await writeFile(p, JSON.stringify(payload, null, 2), 'utf8');`
Use a dedicated Google/browser profile, protect or delete the saved cookie file when done, and expect the skill to clearly declare credential use, storage location, retention, and logout/revocation guidance.
A local process may be able to connect to the remote-debugging browser while it remains open, potentially controlling the browser profile used for Google Flow.
The skill launches Chrome with a remote debugging port and detaches the process. That is useful for UI automation, but it can leave a privileged browser session and CDP endpoint running beyond the immediate task.
`--remote-debugging-port=${get_cdp_port()}`, `--user-data-dir=${userDataDir}`, ... `const child = spawn(cmdExe, args, { detached: true, stdio: 'ignore' }); child.unref();`
Run this only in an isolated browser profile, close the debug Chrome session after use, avoid sharing the debug port, and prefer an implementation that cleans up or clearly tells the user what remains running.
If an unsafe value is supplied through the relevant environment variable, the path conversion command could behave unexpectedly.
The shell command is for WSL path conversion, which fits the browser-automation setup, but it interpolates an environment-derived path into a shell string.
`return execSync(`wslpath -u "${rawWindowsPath}"`, { encoding: 'utf-8', timeout: 5000 }).trim() || null;`
Avoid untrusted values in WSL path environment variables; the skill author should use argument-based process execution instead of shell string interpolation.
The first run may download and execute a runtime package from the package ecosystem.
If Bun is not installed, the documented fallback runs Bun through npx at execution time, which relies on npm package resolution rather than a pinned local runtime.
`${BUN_X}` = `bun` if installed, else `npx -y bun`
Install Bun from a trusted source ahead of time or use a pinned runtime path instead of relying on `npx -y bun`.
