Browser Capture
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could interact with a webpage and download content if the user asks it to use this workflow.
The skill documents browser actions that can click page elements, trigger downloads, and inspect pages with JavaScript. These are aligned with the image-capture purpose, but users should ensure the target site and clicked elements are intended.
- **browser_click** - 点击页面元素 - **browser_download** - 点击元素并下载结果 - **browser_evaluate** - 执行JS代码获取元素信息
Use it only on intended pages, review target URLs and clickable elements, and avoid using it on sensitive logged-in pages unless you intend to capture that content.
JavaScript evaluation can read details from the currently opened page, including private page content if the browser is on a sensitive site.
The skill instructs execution of JavaScript in the browser page context to inspect image elements. This is expected for the stated purpose, but it is still dynamic page-script execution.
openclaw browser evaluate --fn "() => { ... return JSON.stringify(results.slice(0, 5), null, 2); }"Run evaluation only on pages you intend to inspect, and do not point the browser at private account pages unless capturing that information is intentional.
The skill may not work unless the expected OpenClaw Browser tooling and shell utilities are already available.
The registry does not declare required binaries, while the instructions rely on OpenClaw Browser commands and shell utilities such as curl. This is a metadata completeness note rather than evidence of hidden code.
No install spec — this is an instruction-only skill; Required binaries: none
Confirm the OpenClaw Browser tooling is installed and review any shell command before running it.