Virtual Desktop Browser
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill appears to do what it says, but it gives an agent broad human-like control over Chromium and may use existing browser sessions unless isolated.
Review before installing. Run it in a container or dedicated empty Chromium profile, avoid using it with logged-in personal accounts unless intended, require confirmation for account-changing actions, and remember to stop the browser after use.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could operate websites as if it were a person; on logged-in accounts this could submit posts, messages, purchases, settings changes, or other actions, and may violate site rules.
The skill is explicitly designed to automate browser interactions in a human-like way on bot-resistant sites, and exposes click/type/hotkey/screenshot capabilities without documented action or site guardrails.
automate with human-like mouse/keyboard/screenshot operations. Use for bot-resistant sites like Xiaohongshu and X/Twitter where GUI simulation is required.
Use only with explicit per-site and per-task approval. Add domain allowlists and require confirmation before login, posting, purchasing, deleting, messaging, or other account-impacting actions.
If Chromium is already logged in to services, the agent may act through the user's existing identity without the skill clearly disclosing or bounding that behavior.
The Chromium launch command shown does not use a dedicated --user-data-dir, incognito mode, or other profile isolation. On hosts where Chromium uses the current user's default profile, the agent may inherit cookies or signed-in sessions.
chrome_cmd = ["chromium-browser", "--no-sandbox", "--disable-dev-shm-usage", "--disable-gpu", f"--window-size={FIXED_WIDTH},{FIXED_HEIGHT}"]; chrome_cmd.append(url or "about:blank")
Launch Chromium with an isolated empty profile by default, document any use of existing profiles, and require explicit opt-in before using real browser sessions or accounts.
Users must ensure they install the expected packages from trusted repositories and understand that the registry metadata may not fully prepare the environment.
The required setup is disclosed and purpose-aligned, but it depends on manual system package installation and Python dependencies rather than a complete install specification.
apt-get install -y xvfb chromium-browser ... pip install -r requirements.txt
Install in a controlled virtual environment or container, pin dependency versions where possible, and declare required binaries in metadata.
The browser may remain open, consume resources, and keep web sessions active if browser_stop is not called.
The skill intentionally keeps Xvfb and Chromium running across multiple operations until explicitly stopped. This is disclosed, not hidden, but it is persistent runtime behavior.
Browser lifecycle is manual: start once, multi-step flow, then stop.
Call browser_stop after each task, and consider adding automatic timeouts or cleanup on failures.
