Silmaril Ranger

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a plausible browser-automation skill, but it relies on running an unreviewed external toolkit with powerful browser, JavaScript, and proxy capabilities.

Review or pin the external Silmaril toolkit before installing it, and use the skill only for scoped browser tasks. Avoid sensitive accounts unless necessary, and require explicit confirmation before the agent runs JavaScript, submits forms, changes account data, or enables MITM proxying.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing or using the skill may run external code that was not included in the reviewed artifact set, and that code can control the browser and proxy workflow.

Why it was flagged

The skill has no reviewed code or install spec, yet its setup path depends on cloning an unpinned external repository and running a wrapper that bypasses PowerShell execution policy.

Skill content

`git clone https://github.com/Malac12/CDP-tools.git "D:\\silmairl cdp"` ... `silmaril.cmd` invokes PowerShell with `ExecutionPolicy Bypass`.

Recommendation

Only install from a trusted, pinned commit or reviewed local checkout, and inspect the toolkit before allowing the agent to run it.

What this means

The agent could click, type, modify page content, or run JavaScript in browser pages in ways that affect logged-in websites or user workflows.

Why it was flagged

The skill directs the agent to use affirmative flags for mutating browser actions, including JavaScript execution, without clearly bounding which sites or actions require explicit user confirmation.

Skill content

Pass `--yes` for page actions and mutations such as `click`, `type`, `set-text`, `set-html`, and `eval-js`.

Recommendation

Use this only for clearly scoped tasks, and require explicit approval before actions that submit forms, change account data, purchase items, publish content, or run JavaScript on sensitive sites.

What this means

Proxy-backed browsing can expose or alter web traffic during the task, especially if used on sensitive sites.

Why it was flagged

The proxy workflow can intercept or override browser traffic; the documentation does disclose this and recommends local-only binding.

Skill content

Expect HTTPS interception to require a trusted mitmproxy certificate. ... Keep `--listen-host` on loopback unless the user explicitly requests `--allow-nonlocal-bind`.

Recommendation

Keep proxy use limited to local testing, avoid sensitive accounts while interception is enabled, and do not allow non-local binding unless you understand the exposure.

What this means

Information from pages the agent visits may remain on disk after the automation run.

Why it was flagged

Flow execution may persist page-derived data locally as artifacts, which is disclosed but could include sensitive page content depending on the site.

Skill content

`run` writes per-step JSON, a summary, a log, and usually a final DOM snapshot into an artifacts directory.

Recommendation

Choose an artifacts directory deliberately and delete outputs that contain private or sensitive page data.