God of all Browsers

Advisory. Audited by static analysis on May 10, 2026.

Overview

Detected: suspicious.dangerous_exec

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent could automate websites in ways those sites try to prevent, and on non-Windows platforms (Linux, macOS) a malicious page would face weaker browser sandbox protection.

Why it was flagged

The launched browser is explicitly configured for bot-check evasion and disables Chromium sandboxing on non-Windows platforms, reducing containment when browsing untrusted or protected sites.

Skill content
'--disable-blink-features=AutomationControlled', // Bypass Bot Checks ... isWin ? '' : '--no-sandbox'
Recommendation

Use only for authorized automation, preferably in a container or VM; avoid sensitive accounts and remove the no-sandbox setting unless it is strictly required.

What this means

Anyone or any process with access to these files may be able to reuse your web sessions, and the agent can act as you on sites where you are logged in.

Why it was flagged

The skill stores and can export authentication material for logged-in websites, giving future browser automation the user's account authority.

Skill content
saves all session data, cookies, and local storage in the `./chrome_profile/` directory ... `save-session` command exports cookies to `session.json` in plain text
Recommendation

Use a dedicated browser profile and low-privilege test accounts; do not log into sensitive services, and delete `chrome_profile/` and `session.json` when finished.

Concern (high confidence)
ASI05: Unexpected Code Execution
What this means

A malicious or agent-generated script could perform unintended actions on a website or extract sensitive page content from the active browser session.

Why it was flagged

The skill intentionally exposes a raw JavaScript execution path on the current page, which can interact with logged-in web sessions and page data.

Skill content
The `eval` command is a high-risk feature that allows executing arbitrary JavaScript inside the browser context.
Recommendation

Require explicit user approval for every eval use, run only trusted scripts, and avoid using eval while logged into sensitive accounts.
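As an added example (not the skill's own code), the following is an approval gate that could sit in front of Puppeteer's `page.evaluate()`: each call needs an approval bound to the exact script text and issued within a short window, and the page host is checked against a list of sensitive hosts. The host list, the 60-second window and the `approval` object shape are assumptions for illustration.

```javascript
// Added example, not the skill's own code: per-call approval gate for raw JavaScript evaluation.

// Hosts where eval is refused outright (assumed list; configure per deployment).
const DEFAULT_SENSITIVE_HOSTS = ['accounts.google.com', 'login.microsoftonline.com', 'github.com'];

// Pure decision function, returns { allowed, reason }.
// `approval` is assumed to look like { script, approvedAt } and must match the
// script being run, so approving one script never covers a different one.
function authorizeEval({
  url,
  script,
  approval,
  sensitiveHosts = DEFAULT_SENSITIVE_HOSTS,
  maxAgeMs = 60000,
  now = Date.now(),
}) {
  let host;
  try {
    host = new URL(url).hostname;
  } catch {
    return { allowed: false, reason: `cannot parse page URL: ${url}` };
  }
  // Exact host or any subdomain of a sensitive host.
  if (sensitiveHosts.some((h) => host === h || host.endsWith(`.${h}`))) {
    return { allowed: false, reason: `eval refused on sensitive host ${host}` };
  }
  if (!approval || approval.script !== script) {
    return { allowed: false, reason: 'no explicit approval for this exact script' };
  }
  if (typeof approval.approvedAt !== 'number' || now - approval.approvedAt > maxAgeMs) {
    return { allowed: false, reason: 'approval missing a timestamp or expired' };
  }
  return { allowed: true, reason: 'approved' };
}

// Wrapper for a Puppeteer Page (anything with url() and evaluate()).
async function guardedEvaluate(page, script, approval, options = {}) {
  const decision = authorizeEval({ url: page.url(), script, approval, ...options });
  if (!decision.allowed) throw new Error(decision.reason);
  return page.evaluate(script);
}

// Usage: const approval = { script, approvedAt: Date.now() }; // set only after the user confirmed this script
//        const title = await guardedEvaluate(page, script, approval);
```

The approval is tied to the script text rather than being a standing "eval enabled" flag, so a later, different script from the agent needs its own confirmation.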

Note (high confidence)
ASI10: Rogue Agents
What this means

The browser and its authenticated state may remain active between tasks until it is stopped.

Why it was flagged

The browser process is deliberately detached so it keeps running after the CLI command exits.

Skill content
detached: true, stdio: 'ignore', shell: false ... child.unref();
Recommendation

Run `node browser.js stop` after use and verify that the Chromium process has exited; clear stored profiles when the task is done.
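As an added example (not the skill's own code), the following is a stop-and-verify routine for a detached Chromium: send SIGTERM, poll for exit, escalate to SIGKILL, and report what happened. It assumes the caller already knows the browser's pid; the advisory does not say how the skill records it. The liveness probe and the signal sender are injectable so the logic can be exercised without a real process. The default probe (signal 0) is reliable when run from a separate CLI invocation such as `node browser.js stop`, where the browser is not a child of the checking process and so cannot linger as a zombie.

```javascript
// Added example, not the skill's own code: stop a detached browser process and confirm it exited.

// true if a process with this pid exists (signal 0 sends nothing, it only checks).
function processExists(pid) {
  try {
    process.kill(pid, 0);
    return true;
  } catch (err) {
    if (err.code === 'ESRCH') return false; // no such process
    return true;                            // EPERM: exists but owned by someone else
  }
}

// Synchronous sleep so the routine fits in a plain CLI command without async plumbing.
function sleepMs(ms) {
  Atomics.wait(new Int32Array(new SharedArrayBuffer(4)), 0, 0, ms);
}

// Polls alive(pid) until it reports false (true) or the timeout passes (false).
function waitForExit(pid, { timeoutMs = 5000, intervalMs = 100, alive = processExists, sleep = sleepMs } = {}) {
  const deadline = Date.now() + timeoutMs;
  while (alive(pid)) {
    if (Date.now() >= deadline) return false;
    sleep(intervalMs);
  }
  return true;
}

// Returns 'not-running', 'terminated', 'killed' or 'still-running'.
function stopAndVerify(pid, {
  signal = (p, sig) => process.kill(p, sig),
  alive = processExists,
  sleep = sleepMs,
  graceMs = 5000,
  killWaitMs = 2000,
} = {}) {
  if (!alive(pid)) return 'not-running';
  signal(pid, 'SIGTERM');                       // polite shutdown first
  if (waitForExit(pid, { timeoutMs: graceMs, alive, sleep })) return 'terminated';
  signal(pid, 'SIGKILL');                       // escalate if Chromium ignored SIGTERM
  if (waitForExit(pid, { timeoutMs: killWaitMs, alive, sleep })) return 'killed';
  return 'still-running';                       // caller should investigate by hand
}

// Usage: const result = stopAndVerify(Number(process.argv[2]));
//        if (result === 'still-running') process.exitCode = 1;
```

A non-zero exit on `still-running` makes the stop step fail visibly instead of leaving an authenticated browser behind silently.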

What this means

Sensitive information visible during browsing may remain on disk after the automation task.

Why it was flagged

The skill stores browsing snapshots/screenshots locally, which may include private page content and could be reused or inspected later.

Skill content
`recordings/`: Snapshots and screenshots for manual review.
Recommendation

Review and delete `recordings/`, `debug.log`, and any learning/session files after sensitive tasks; do not capture pages containing secrets unless necessary.

What this means

Installation depends on npm package resolution and the local Node/Chrome environment.

Why it was flagged

Setup fetches an external npm dependency; this is expected for Puppeteer automation, but it is not represented by a registry install spec.

Skill content
npm install puppeteer-core
Recommendation

Install from a trusted network, review `package-lock.json`, and prefer reproducible installs such as `npm ci` where possible.

Findings (1)

critical

suspicious.dangerous_exec

Location
browser.js:136
Finding
Shell command execution detected (child_process).