God of all Browsers
Pass. Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: god-of-all-browsers
Version: 1.0.6

The skill bundle provides high-risk browser automation capabilities, including an 'eval' command in 'browser.js' that allows arbitrary JavaScript execution within the browser context. It also features a 'save-session' command that exports browser cookies to a plain-text 'session.json' file, creating a significant credential theft risk. Furthermore, the 'resolveFilePath' function in 'browser.js' lacks proper path sanitization, potentially allowing the agent to read arbitrary files from the host system if they are passed to the 'find' or 'eval' commands. While the author included basic security gates (like the '--force' flag) and documentation warnings, the combination of arbitrary code execution, file system access, and plain-text credential storage makes this bundle highly risky.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could automate websites in ways they try to prevent, and a malicious page would have weaker browser sandbox protection on Linux.
The launched browser is explicitly configured for bot-check evasion and disables Chromium sandboxing on non-Windows platforms, reducing containment when browsing untrusted or protected sites.
`'--disable-blink-features=AutomationControlled', // Bypass Bot Checks ... isWin ? '' : '--no-sandbox'`
Use only for authorized automation, preferably in a container or VM; avoid sensitive accounts and remove the no-sandbox setting unless it is strictly required.

Anyone or any process with access to these files may be able to reuse your web sessions, and the agent can act as you on sites where you are logged in.
The skill stores and can export authentication material for logged-in websites, giving future browser automation the user's account authority.
saves all session data, cookies, and local storage in the `./chrome_profile/` directory ... `save-session` command exports cookies to `session.json` in plain text
Use a dedicated browser profile and low-privilege test accounts; do not log into sensitive services, and delete `chrome_profile/` and `session.json` when finished.

A bad or agent-generated script could perform unintended actions on a website or extract sensitive page content from the active browser session.
The skill intentionally exposes a raw JavaScript execution path on the current page, which can interact with logged-in web sessions and page data.
The `eval` command is a high-risk feature that allows executing arbitrary JavaScript inside the browser context.
Require explicit user approval for every eval use, run only trusted scripts, and avoid using eval while logged into sensitive accounts.

The browser and its authenticated state may remain active between tasks until it is stopped.
The browser process is deliberately detached so it keeps running after the CLI command exits.
`detached: true, stdio: 'ignore', shell: false ... child.unref();`
Run `node browser.js stop` after use and verify that the Chromium process has exited; clear stored profiles when the task is done.

Sensitive information visible during browsing may remain on disk after the automation task.
The skill stores browsing snapshots/screenshots locally, which may include private page content and could be reused or inspected later.
`recordings/`: Snapshots and screenshots for manual review.
Review and delete `recordings/`, `debug.log`, and any learning/session files after sensitive tasks; do not capture pages containing secrets unless necessary.

Installation depends on npm package resolution and the local Node/Chrome environment.
Setup fetches an external npm dependency; this is expected for Puppeteer automation, but it is not represented by a registry install spec.
`npm install puppeteer-core`
Install from a trusted network, review `package-lock.json`, and prefer reproducible installs such as `npm ci` where possible.
