Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Baoyu Danger Gemini Web
v0.1.1
Generates images and text via reverse-engineered Gemini Web API. Supports text generation, image generation from prompts, reference images for vision input,...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description claim a reverse‑engineered Gemini Web client for text/image generation; included scripts implement that and call only Google/Gemini endpoints. Requiring browser session cookies and a Chrome debugging/CDP helper is coherent with the stated purpose (the client needs valid __Secure-1PSID / __Secure-1PSIDTS to authenticate).
Instruction Scope
SKILL.md and the shipped code instruct the agent to read/write consent and cookie files in user data directories, optionally load cookies from the local Chrome profile (using a bundled Chrome CDP module), launch or connect to Chrome debug ports, and write cached cookie files. These actions access sensitive local browser state (authentication cookies) and user config files beyond a simple API key — the SKILL.md does include an explicit consent flow, but the runtime instructions will read local browser cookies and may launch/manipulate Chrome sessions.
Install Mechanism
This is an instruction‑only skill (no external downloads at install time). Code is bundled in the skill (TypeScript + a vendored baoyu‑chrome‑cdp). It requires running the local scripts (bun or npx) but does not fetch arbitrary remote code during installation. No suspicious remote install URLs were found.
Credentials
Registry metadata declares no required env vars, but the code reads several environment variables (e.g., GEMINI_WEB_LOGIN, GEMINI_WEB_FORCE_LOGIN, GEMINI_WEB_CHROME_PROFILE_DIR, GEMINI_WEB_CHROME_PATH, BAOYU_CHROME_PROFILE_DIR and others) and will access local browser cookies and profile directories. Accessing browser cookies is equivalent to accessing authentication credentials — appropriate for this reverse‑engineered approach, but high‑sensitivity and not reflected in the required‑env metadata.
Persistence & Privilege
Skill does not request always:true and does not modify other skills. It will create/read/write cookie and consent files under user data dirs (e.g., ~/.local/share or %APPDATA%). It may launch or connect to Chrome via CDP, which is a privileged local action; this is powerful but consistent with its authentication strategy.
What to consider before installing
This skill implements a reverse‑engineered Gemini Web client that needs real Google session cookies to work. It will attempt to load cookies from your browser (via a bundled Chrome CDP helper), may launch or attach to Chrome, and will write cookie and consent files to your user data directories. Before installing: (1) Be sure you accept the SKILL.md consent flow; (2) prefer using a dedicated or disposable Chrome profile rather than your main browser profile if you proceed; (3) inspect the bundled code yourself (it’s included) or run it in an isolated environment; (4) be aware the skill can access sensitive cookies (equivalent to authentication credentials) and make network requests to Google endpoints; revoke or rotate cookies if you later uninstall; (5) consider disabling autonomous invocation (or only invoke this skill manually) if you are uncomfortable with it accessing local browser state without an explicit prompt.
scripts/gemini-webapi/utils/paths.ts:38
Shell command execution detected (child_process).
scripts/vendor/baoyu-chrome-cdp/src/index.test.ts:89
Shell command execution detected (child_process).
scripts/vendor/baoyu-chrome-cdp/src/index.ts:220
Shell command execution detected (child_process).
scripts/vendor/baoyu-chrome-cdp/src/index.ts:97
Environment variable access combined with network send.
scripts/gemini-webapi/utils/upload-file.ts:3
File read combined with network send (possible exfiltration).
scripts/vendor/baoyu-chrome-cdp/src/index.ts:202
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
Any bin: bun, npx
