Skill v1.0.4

ClawScan security

Ghost Browser · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 26, 2026, 10:23 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's stated purpose (automated Chrome control via nodriver) is plausible and most required pieces are present, but packaging and install inconsistencies and local persistence behavior are concerning and warrant caution before installing.
Guidance
This skill mostly does what it says (Chrome automation using nodriver), but there are packaging and install inconsistencies and it will store session cookies and profiles locally. Before installing:
1) Review the full Python script (scripts/stealth_browser.py) for any network endpoints or unexpected behavior you don't trust.
2) Do not run setup.sh blindly — it installs packages and attempts to make a CLI executable but references a non-existent path (scripts/ghost-browser), indicating a broken package.
3) Consider running the skill in an isolated environment (VM/container) or test account to avoid exposing real credentials.
4) If you plan to persist sessions, be aware cookies/localStorage are stored under ~/.openclaw/... and can contain sensitive tokens.
5) Prefer skills with an identifiable source/homepage or official releases; if you need this capability, request a corrected package (matching filenames and a clear install spec) or a signed release from the author.

Review Dimensions

Purpose & Capability
note · The name/description align with what the files implement: a Python-based Chrome automation daemon using nodriver. Required binaries (python3, Chrome/Chromium) and a pip dependency on nodriver are appropriate. However the package shows signs of sloppy packaging: _meta.json version differs from registry metadata, and the repo/source/homepage are unknown — reducing traceability.
Instruction Scope
ok · SKILL.md instructs the agent to use the local ghost-browser CLI for navigation, element interaction, and session save/load. The runtime instructions stay within the stated purpose (browser automation). They do direct the agent to persist and restore sessions (cookies/localStorage), which will store authentication state locally — expected for this functionality but sensitive.
Install Mechanism
concern · The registry declares no install spec, but the repository includes setup.sh and requirements.txt that create a venv and pip-install nodriver. That mismatch is an inconsistency. The setup.sh also tries to chmod +x a script path (scripts/ghost-browser) that does not appear in the file manifest (the provided script is scripts/stealth_browser.py), which likely means the packaged setup is broken or mismatched. Because the skill executes local Python and installs packages, you should not run setup scripts without review.
Credentials
ok · No environment variables or external credentials are requested. The code writes state, profiles, logs, cookies and session files into ~/.openclaw/... which is proportional to a browser automation tool but means the skill will store potentially sensitive cookies/auth tokens on disk under the user's account.
Persistence & Privilege
note · The skill does persist state (profiles, sessions, cookies) to the user's home directory. It is not force-included (always:false) and does not request elevated system privileges, but persistence of session cookies/localStorage increases the sensitivity of what is stored locally and the blast radius if the skill were compromised.