ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Edge Browser

v1.0.0

Control Microsoft Edge browser to fetch web pages and extract content. Use when the user wants to access a specific URL using Edge browser instead of Chrome,...

0· 476·2 current·2 all-time
by@meikowo
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name/description (Edge browser fetcher) align with the included script and SKILL.md: the script uses Playwright to launch Edge or Chromium and returns page content. Minor inconsistency: the registry metadata lists no required binaries, but the SKILL.md requires installing Playwright (pip) and browser runtimes — this is documented in SKILL.md but not reflected in metadata.
Instruction Scope
SKILL.md and scripts instruct only to install Playwright and run the provided fetch.py with a URL and optional wait/output flags. The script fetches the page, waits, extracts title/content/text, and returns JSON. It does not read other files, env vars, or contact any hidden endpoints.
Install Mechanism
There is no automated install spec (instruction-only). Installation is manual via pip/playwright CLI per SKILL.md. This is a lower-risk pattern, but be aware Playwright will download browser binaries (chromium) during installation and the script attempts to launch Edge by absolute Windows paths (fallback to Chromium).
Credentials
The skill requests no environment variables or credentials. The script does not access secrets or configuration outside its purpose.
Persistence & Privilege
The skill is not always-enabled and does not modify other skills or system-wide settings. It runs only when invoked.
Assessment
This skill appears coherent and implements exactly what it claims: using Playwright to control Edge/Chromium and return rendered page content as JSON. Before installing, note: (1) SKILL.md requires you to run 'pip install playwright' and 'playwright install chromium' — Playwright will download browser binaries to disk. (2) The script executes pages' JavaScript (headless browser), so visiting untrusted or internal URLs can cause network requests or trigger side effects on the target site; do not use it to fetch internal-only or sensitive endpoints (localhost, internal APIs) unless you understand the risks. (3) The code does not exfiltrate data to external servers beyond returning the page content in stdout/file, but that content could itself contain sensitive data; consider running the skill in a sandboxed environment or with limited network access. (4) The skill source is listed as unknown — if provenance matters, verify the publisher before installing. If you want stronger assurance, ask the publisher for signed releases or run the script in an isolated container and inspect outputs during test runs.

Like a lobster shell, security has layers — review code before you run it.

browservk97392wvyz4cdx69zq9790wve1823hjhchrome-alternativevk97392wvyz4cdx69zq9790wve1823hjhedgevk97392wvyz4cdx69zq9790wve1823hjhlatestvk97392wvyz4cdx69zq9790wve1823hjhplaywrightvk97392wvyz4cdx69zq9790wve1823hjhweb-fetchvk97392wvyz4cdx69zq9790wve1823hjh

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments