Skill v1.0.0

ClawScan security

Chrome Relay · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 15, 2026, 10:44 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's instructions match its stated purpose (controlling a local Chrome session), but they require access to a local OpenClaw gateway token and an extension path that are not declared in the skill metadata, an inconsistency you should understand before installing.
Guidance
This skill appears to do what it says (control your local Chrome via a Browser Relay extension), but its runtime steps require reading your OpenClaw gateway token and accessing a local extension folder, yet the skill metadata doesn't declare those requirements. Before installing:
1. Verify the Browser Relay extension's source and integrity (ask the publisher for the extension package or a trusted release URL).
2. Only enter a gateway token if you trust the extension/skill; treat that token like a local credential.
3. Prefer to install the extension manually and review its manifest and code.
4. Be aware the skill can access your logged-in browser sessions and local port 18792; ensure that port is bound to localhost and not exposed to networks.
5. Ask the skill author to update metadata to declare the required config path and credential so you can make an informed decision.
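Two of the pre-install checks above, reviewing the unpacked extension's manifest and confirming that port 18792 listens on loopback only, as an added example. This is not ClawHub's scanner code and not the Chrome Relay skill's own code. It assumes the extension lives at ~/.openclaw/browser/chrome-extension as the SKILL.md states and that the host is Linux with `ss` available; the list of "broad" permissions, the sample manifest and the sample socket listings are constructed for illustration and say nothing about what the real extension requests.

```python
"""Pre-install checks for a browser-relay skill.

Added example, not ClawHub's scanner code or the Chrome Relay skill's code.
  1. read the unpacked extension's manifest.json and list what it can reach;
  2. confirm the relay port listens on loopback addresses only.
The extension path and port 18792 come from the scan; the broad-grant list
and every sample input below are assumptions made for this example.
"""
import ipaddress
import json
import shutil
import subprocess
from pathlib import Path

RELAY_PORT = 18792
EXTENSION_DIR = Path("~/.openclaw/browser/chrome-extension").expanduser()

# Grants that reach beyond "drive a tab": cookies, traffic interception,
# DevTools attach, native code. Assumed list for this example.
BROAD_GRANTS = {"<all_urls>", "cookies", "debugger", "history", "management",
                "nativeMessaging", "proxy", "webRequest", "webRequestBlocking"}


def _host_of(pattern: str) -> str:
    """Host part of a match pattern such as https://*.example.com/* ("" for <all_urls>)."""
    if "://" not in pattern:
        return ""
    return pattern.split("://", 1)[1].split("/", 1)[0]


def review_manifest(manifest: dict) -> dict:
    """Summarise the access an MV3 manifest requests and flag broad grants."""
    perms = set(manifest.get("permissions", [])) | set(manifest.get("optional_permissions", []))
    hosts = set(manifest.get("host_permissions", []))
    for script in manifest.get("content_scripts", []):
        hosts |= set(script.get("matches", []))
    # Web pages allowed to message the extension directly (a path to its privileges).
    external = set(manifest.get("externally_connectable", {}).get("matches", []))
    return {
        "name": manifest.get("name"),
        "version": manifest.get("version"),
        "manifest_version": manifest.get("manifest_version"),
        "permissions": sorted(perms),
        "hosts": sorted(hosts),
        "externally_connectable": sorted(external),
        "flagged": sorted((perms | hosts) & BROAD_GRANTS),
        "wildcard_hosts": sorted(p for p in hosts | external if "*" in _host_of(p)),
    }


def listening_sockets(ss_output: str, port: int) -> list[tuple[str, bool]]:
    """(bind address, exposed) for each listener on `port` in `ss -H -ltn` output.

    Exposed means any non-loopback bind: 0.0.0.0, ::, * or a LAN address.
    """
    found = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, _, p = fields[3].rpartition(":")   # local address column
        if p != str(port):
            continue
        host = host.strip("[]")                   # [::1]:18792 -> ::1
        try:
            loopback = ipaddress.ip_address(host).is_loopback
        except ValueError:                        # "*" is a wildcard bind, not an address
            loopback = False
        found.append((host, not loopback))
    return found


def relay_port_exposed(ss_output: str, port: int = RELAY_PORT) -> bool:
    return any(exposed for _, exposed in listening_sockets(ss_output, port))


# Constructed sample inputs so the checks run offline.
SAMPLE_MANIFEST = {
    "name": "sample-relay", "version": "0.0.1", "manifest_version": 3,
    "permissions": ["tabs", "debugger", "storage"],
    "host_permissions": ["<all_urls>"],
    "externally_connectable": {"matches": ["http://localhost:18792/*"]},
}
SAMPLE_SS_LOOPBACK_ONLY = ("LISTEN 0 128 127.0.0.1:18792 0.0.0.0:*\n"
                           "LISTEN 0 128 [::1]:18792 [::]:*\n")
SAMPLE_SS_EXPOSED = ("LISTEN 0 128 127.0.0.1:18792 0.0.0.0:*\n"
                     "LISTEN 0 4096 0.0.0.0:18792 0.0.0.0:*\n")


def main() -> None:
    manifest_path = EXTENSION_DIR / "manifest.json"
    manifest = json.loads(manifest_path.read_text()) if manifest_path.exists() else SAMPLE_MANIFEST
    print(json.dumps(review_manifest(manifest), indent=2))
    if shutil.which("ss"):
        ss_out = subprocess.run(["ss", "-H", "-ltn"], capture_output=True, text=True, check=False).stdout
    else:
        ss_out = SAMPLE_SS_EXPOSED
    for host, exposed in listening_sockets(ss_out, RELAY_PORT):
        print(f"port {RELAY_PORT} on {host}: {'EXPOSED' if exposed else 'loopback'}")


if __name__ == "__main__":
    main()
```

Run it before loading the extension: if the manifest exists at the assumed path it is read, otherwise the constructed sample is used, and the same fallback applies when `ss` is missing. Anything in "flagged" or "wildcard_hosts" deserves a look at the extension's source; any listener on 0.0.0.0, :: or * means the relay is reachable from the network, not just from the local agent.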

Review Dimensions

Purpose & Capability
note · The SKILL.md describes controlling a real Chrome browser via a local Browser Relay extension, and the runtime steps (install extension, attach, use gateway token, use browser tool) are consistent with that purpose. However, the skill metadata declares no required config paths or credentials even though the instructions explicitly reference the OpenClaw gateway token and a local extension path (~/.openclaw/browser/chrome-extension). The missing metadata declaration is an inconsistency.
Instruction Scope
concern · Runtime instructions tell the agent/user to read and configure local resources: a local extension folder (~/.openclaw/browser/chrome-extension), the OpenClaw gateway token via `openclaw config get gateway.auth.token`, and to attach the extension to tabs. These actions access local config and privileged browser sessions. While these steps are necessary for the stated purpose, they do involve reading a local secret (gateway token) and interacting with the user's browser sessions, and the instructions do not limit or disclose how that token or session data is used or stored.
Install Mechanism
ok · There is no install spec and no code files; the skill is instruction-only. That keeps install risk low. The SKILL.md prescribes a manual 'Load unpacked' extension installation; no automated download/install URLs are provided.
Credentials
concern · The instructions require retrieving and entering the OpenClaw gateway token, which is effectively a local credential, but the skill metadata lists no required environment variables or config paths. Requesting access to the gateway token is proportionate to controlling a browser, but the omission from metadata means the skill's declared requirements underrepresent what it needs and could mislead users about what sensitive data will be accessed.
Persistence & Privilege
note · `always` is false (good). The skill is allowed to be invoked autonomously (platform default). Combined with the ability to access the gateway token and attach to real browser sessions, autonomous invocation increases blast radius if misused; this is expected for browser-control skills but worth noting. The skill does not request persistent system-wide changes in the SKILL.md.