Baoyu Danger Gemini Web
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill is mostly aligned with Gemini text/image generation, but it can read and persist Google/Gemini browser session cookies and includes some account-changing Gemini APIs that deserve careful review.
Install only if you are comfortable giving the skill access to a Gemini/Google web session. Prefer a dedicated Google account and Chrome profile, review any EXTEND.md configuration, avoid automatic npx runtime fetching in sensitive environments, and verify that no account-mutating Gem operations are used unless you explicitly request them.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may be able to act through your logged-in Google/Gemini web session, and saved cookies could remain usable after the first run.
The skill can obtain Google/Gemini/account cookies from Chrome via CDP and persist them to its own cookie file. These cookies are session credentials for a Google account.
Network.getCookies ... { urls: ['https://gemini.google.com/', 'https://accounts.google.com/', 'https://www.google.com/'] } ... await write_cookie_file(filtered, resolveGeminiWebCookiePath(), 'cdp')
Use a dedicated Google account or dedicated Chrome profile, inspect where cookies are stored, and install only if you trust the skill with your Gemini session.
If these methods are imported or invoked by the agent or another skill, they could change or delete Gemini account objects, not just generate outputs.
The included client exposes Gemini Gem creation, update, and deletion methods, which are account-mutating operations not described in the main text/image generation usage.
async create_gem(name: string, prompt: string, description: string = '') ... async update_gem(...) ... async delete_gem(gem: Gem | string, opts?: RequestInit)
Limit the skill to the documented generation CLI path, or remove/document these mutation APIs with explicit user approval before any account changes.
A run may maintain and update Google session material for longer than a single request if the caller does not close the client cleanly.
The client has a default background refresh loop that can rotate and persist session cookies while the client remains active.
public auto_refresh: boolean = true; ... if (this.auto_refresh && sid) { ... void this.start_auto_refresh(ctl.signal); } ... while (!signal.aborted) { ... await write_cookie_file(this.cookies, resolveGeminiWebCookiePath(), 'refresh')
Ensure the CLI or caller closes the client after use, and consider disabling auto-refresh unless persistent sessions are needed.
Execution may depend on a runtime obtained through npm tooling, adding normal supply-chain exposure.
The skill may run through `npx -y bun`, which can fetch a runtime package at execution time rather than using only preinstalled, pinned code.
Resolve `${BUN_X}` runtime: if `bun` installed → `bun`; if `npx` available → `npx -y bun`
Prefer installing a trusted Bun version yourself and avoid relying on automatic `npx` resolution in sensitive environments.
The skill can execute local commands as part of browser discovery, although the shown use is purpose-aligned.
The vendored Chrome CDP helper runs a local process-listing command to discover Chrome debugging sessions.
const result = spawnSync("ps", ["aux"], { encoding: "utf-8", timeout: 5_000 });
Run it only in an environment where local process discovery is acceptable.
An untrusted project could alter configuration in ways that affect where data is stored or how network traffic is routed.
Project or user EXTEND.md files can change skill settings such as proxy and data directory, so local project content can influence how the skill handles data.
Found → Read, parse, apply settings ... EXTEND.md supports: Default model | Proxy settings | Custom data directory
Inspect any `.baoyu-skills/baoyu-danger-gemini-web/EXTEND.md` before using the skill in an unfamiliar project.
