Ask Gemini/ChatGPT
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill appears purpose-aligned, but it keeps logged-in browser sessions in a persistent Chrome profile and exposes them through a local debugging port, so it should be reviewed carefully before use.
Use this only if you are comfortable with a dedicated Chrome profile staying logged in for Gemini or ChatGPT and being controlled through a localhost debugging port. Prefer a separate account/profile, avoid sending secrets unless intended, use new chats for isolated questions, and close or clear the Chrome profile when done.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can submit prompts using the logged-in chatbot account, and that browser session remains available for later runs.
This shows the skill relies on a persistent browser profile containing logged-in web sessions. That is high-impact account-session access, even though it is disclosed and purpose-aligned.
It launches Chrome with `--remote-debugging-port=9222` and `--user-data-dir=~/.openclaw/workspace/chrome_profile`. Login sessions persist across restarts.
Use a dedicated browser profile or account, avoid using a primary personal profile, and clear the profile or close Chrome when finished.
Any process able to reach that local debugging endpoint may be able to inspect or control the dedicated Chrome profile while it is running.
Chrome DevTools Protocol gives automation code broad control over the browser profile exposed on the chosen local port. The artifact uses this for its stated purpose, but CDP is broader than a narrowly scoped chatbot API.
"$CHROME_BIN" --remote-debugging-port="$PORT" --user-data-dir="$USER_DATA_DIR" ... &
Keep the profile dedicated to this skill, close the Chrome instance when not in use, and consider adding explicit user confirmation before starting or reusing the CDP browser.
A response may reflect prior conversation context or account state rather than only the current user prompt.
The documented default does not force a fresh chatbot conversation. If the browser or service continues prior context, later answers may be influenced by earlier chats.
| `--new-chat` | Force new chat session | `false` |
Prefer `--new-chat` for isolated requests, or make continuation of an existing chatbot thread an explicit user choice.
A later install may fetch a newer Playwright version with different behavior.
The dependency is version-ranged rather than pinned. Playwright is expected for this browser-automation skill, but unpinned dependencies make future installs less reproducible.
playwright>=1.40.0
Pin dependency versions and provide a lockfile or install spec for reproducible installation.