Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
browser scraper
v1.0.0
Scrape websites using a real Chrome browser with the user's Chrome profile — shares cookies, auth, and fingerprint to bypass bot detection (Cloudflare, Reddi...
by @neekey
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The code and SKILL.md align with the declared purpose: it launches Playwright with a real Chrome profile to share cookies/auth and patch navigator.webdriver. However the implementation deletes stale lock and session files in the target profile directory (unlinkSync calls) — this is functionally related to using a persistent profile but is a potentially destructive side-effect that users may not expect.
Instruction Scope
The runtime instructions and script access the user's system Chrome profile directories, clean up (delete) SingletonLock/Session files, and may read cookies/auth state implicitly by launching a persistent profile. While reading the profile is part of bypassing bot detection, deleting session files and altering a user's profile is beyond passive scraping and carries data-loss/privacy risk. The SKILL.md does not adequately enumerate these destructive file operations.
Install Mechanism
There is no remote download/install step; the package lists Playwright as a dependency (package.json/lock present) and the SKILL.md instructs installing Playwright via npm. No external URLs or extract-from-URL installations were used.
Credentials
The skill metadata declares no required config paths or credentials, yet the script directly reads and modifies standard Chrome profile paths (system default and skill-local profiles). Access to those profile directories can expose sensitive cookies, session tokens, and other private data. The fact these filesystem accesses are not declared in the registry metadata is an incoherence and raises privacy risk.
Persistence & Privilege
The skill is not always-enabled and does not request special agent privileges. Still, it modifies user files in the browser profile (deleting lock/session files). That is a non-trivial privilege to exercise on a user's machine and should be considered before running.
Scan Findings in Context
[child_process_exec] expected: The script uses execSync to detect Chrome and check running processes (ls, pgrep). This is reasonable for checking availability and conflicts, but running shell commands is a higher-risk operation and should be reviewed.
[file_system_write_delete] expected: The script unlinks files (SingletonLock, session files) inside browser profile directories to avoid lock/conflict issues. While functionally related to using a persistent profile, deleting files in user browser profiles can cause data loss and should be explicitly declared and consented to.
[sensitive_path_access] expected: The scraper intentionally accesses system Chrome profile paths (e.g., ~/Library/Application Support/Google/Chrome/Default). Access is needed for the stated goal but is sensitive and was not reflected in skill metadata (no required config paths).
What to consider before installing
This skill intentionally launches Chrome with your profile and will share cookies, auth tokens and browser fingerprint to evade bot detection — that means any site you visit via the skill can observe your logged-in session. The script also deletes 'SingletonLock' and session files inside the profile directory to avoid launch conflicts; that can remove session state or cause unexpected browser behavior. Before using: (1) review the code yourself or run it in an isolated account/container, (2) prefer using a named skill-local profile instead of your system default profile to avoid exposing your main browsing sessions, (3) back up your Chrome profile if you plan to run it against your default profile, (4) ensure you have Node >=18 and install Playwright per SKILL.md, and (5) do not run it under privileged accounts. The skill's registry entry did not declare these filesystem accesses or destructive actions — treat that omission as a red flag and proceed cautiously.
scripts/scrape.mjs:158
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
Like a lobster shell, security has layers — review code before you run it.
latest vk977r07jgz9djs7c0eshjncsh583xb2h
