Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
God of all Browsers
v1.0.6
A 100x smarter browser automation CLI that mimics human behavior using a native stateful Chromium instance. It supports multi-tab management, bypasses bot de...
⭐ 0· 131·0 current·0 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
Name and description match included code and deps: browser.js implements a persistent Chromium controller using puppeteer-core, snapshot/tagging, multi-tab handling, eval, and session persistence. The required native Chrome/Chromium binary and puppeteer-core dependency are expected for this functionality.
Instruction Scope
SKILL.md commands align with the code (start, snapshot, click, eval, save-session, etc.). However the runtime script reads process.env and several local files (run_id, session.json, activeTab.txt, debug_port.txt) and writes persistent data (chrome_profile, session.json, recordings). The SKILL.md warns about eval risks but does not explicitly call out that the runtime reads the entire environment object at startup.
Install Mechanism
No remote/opaque downloads or unusual installers. setup.sh runs npm install puppeteer-core; package.json/lock reference standard npm packages. This is a typical Node/npm install flow (moderate trust, trackable via npm).
Credentials
The skill declares no required environment variables, yet browser.js reads process.env (including GOD_DEBUG_PORT optional override and TERMUX detection). It persists cookies/sessions to session.json and a chrome_profile directory — this is necessary for stateful automation but stores sensitive credentials locally in plain text if saved. No unrelated cloud credentials are requested, but environment access and local session files are sensitive and should be treated as secrets.
Persistence & Privilege
always:false (no forced global inclusion). The skill intentionally creates persistent artifacts (chrome_profile, session.json, recordings) and starts Chromium with a remote debugging port to which puppeteer.connect attaches. Exposing a remote debugging port increases local attack surface (possible remote control/data access if the port is reachable). The skill does not modify other skills or global agent settings.
Assessment
This skill appears to do what it says (stateful Puppeteer automation) but carries normal risks for a local browser automation tool. Before installing or running it: (1) Review the code yourself (especially browser.js and any custom eval scripts). (2) Run it in an isolated environment or container if you plan to visit untrusted sites. (3) Treat chrome_profile and session.json as sensitive (they contain cookies/login state); delete them when not needed. (4) Avoid using the eval command with untrusted code — it can execute arbitrary JS in page context and can be used to exfiltrate data. (5) Verify how Chromium binds the remote-debugging port (locally only) — if that port is reachable from other hosts it can be abused; consider firewalling or passing a bound address. (6) Do not pass secret environment variables or credentials to this process unless you understand how they will be used/stored. If you need higher assurance, ask the author for a reproducible build and a statement about remote-debugging binding, or run the tool inside a disposable VM/container.
browser.js:136
Shell command execution detected (child_process).
browser.js:113
Environment variable access combined with network send.
browser.js:17
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
Tags: ai-agent-tools, ai-vision-mapping, automation-cli, bot-detection-bypass, bot-evasion, browser-automation, chromium, headless-chrome, latest, puppeteer, stateful-browsing, web-automation, web-scraping
